CVE Vulnerabilities

  • CVE-2021-32710
    Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend updating to the current version 6.3.5.2. You can get the update t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 22 | Replies: 0
  • CVE-2021-32711
    Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-b ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 34 | Replies: 0
  • CVE-2021-35448
    Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local por ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 30 | Replies: 0
  • CVE-2021-32712
    Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 30 | Replies: 0
  • CVE-2021-32713
    Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS vulnerability in the administration. Users are recommended to update to the version 5.6.10. Yo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 13 | Replies: 0
  • CVE-2021-32716
    Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin API has exposed some internal hidden fields when an association has been loaded with a to-many reference. Users ar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 25 | Replies: 0
  • CVE-2021-32717
    Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first ch ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 19 | Replies: 0
  • CVE-2021-35475
    SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 20 | Replies: 0
  • CVE-2021-28958
    Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 22 | Replies: 0
  • CVE-2021-31615
    Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening dev ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 35 | Replies: 0
  • CVE-2021-35047
    Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the compone ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 30 | Replies: 0
  • CVE-2021-35048
    Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some ve ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 32 | Replies: 0
  • CVE-2021-35049
    Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 34 | Replies: 0
  • CVE-2021-35050
    User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 32 | Replies: 0
  • CVE-2020-26801
    A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 28 | Replies: 0
  • CVE-2021-27040
    A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 33 | Replies: 0
  • CVE-2021-27041
    A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 32 | Replies: 0
  • CVE-2021-27042
    A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which caus ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 23 | Replies: 0
  • CVE-2021-27043
    An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 28 | Replies: 0
  • CVE-2021-33895
    ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTIC ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 35 | Replies: 0
  • CVE-2021-34183
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 29 | Replies: 0
  • CVE-2021-34184
    Miniaudio 0.10.35 has a double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 29 | Replies: 0
  • CVE-2021-34185
    Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 29 | Replies: 0
  • CVE-2021-34074
    PandoraFMS =7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 29 | Replies: 0
  • CVE-2021-35501
    PandoraFMS =7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 32 | Replies: 0
  • CVE-2021-3314
    ** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 27 | Replies: 0
  • CVE-2021-32702
    The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 33 | Replies: 0
  • CVE-2020-4609
    IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 32 | Replies: 0
  • CVE-2020-4610
    IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 22 | Replies: 0
  • CVE-2021-20583
    IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force I ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 30 | Replies: 0
  • CVE-2021-29676
    IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 33 | Replies: 0
  • CVE-2021-29677
    IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 30 | Replies: 0
  • CVE-2021-21002
    In Phoenix Contact FL COMSERVER UNI in versions 2.40 an invalid Modbus exception response can lead to a temporary denial of service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 28 | Replies: 0
  • CVE-2021-21003
    In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the de ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 91 | Replies: 0
  • CVE-2021-21004
    In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 31 | Replies: 0
  • CVE-2021-21005
    In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 22 | Replies: 0
  • CVE-2021-33528
    In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can caus ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 14 | Replies: 0
  • CVE-2021-33529
    In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 23 | Replies: 0
  • CVE-2021-33530
    In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagn ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 22 | Replies: 0
  • CVE-2021-33531
    In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:52 | Views: 18 | Replies: 0
