CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-33532

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can caus ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2021-33533

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：23 | 回复：0
CVE-2021-33534

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：20 | 回复：0
CVE-2021-33535

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-33536

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underfl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：19 | 回复：0
CVE-2021-33537

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name ent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2021-33539

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：16 | 回复：0
CVE-2021-33540

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE-2021-33541

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：23 | 回复：0
CVE-2021-33542

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：38 | 回复：0
CVE-2021-34427

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running inst ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-1073

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：20 | 回复：0
CVE-2021-25654

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 version ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：40 | 回复：0
CVE-2021-35502

app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：27 | 回复：0
CVE-2021-35513

Mermaid before 8.11.0 allows XSS when the antiscript feature is used.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-20740

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：30 | 回复：0
CVE-2021-20745

Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：19 | 回复：0
CVE-2021-20746

Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：24 | 回复：0
CVE-2021-20749

Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：32 | 回复：0
CVE-2021-20750

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-20751

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：35 | 回复：0
CVE-2021-23399

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：37 | 回复：0
CVE-2021-20099

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-20100

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：39 | 回复：0
CVE-2018-1138

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Assigned as a duplicate of CVE-2019-14827.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：27 | 回复：0
CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2021-32496

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：19 | 回复：0
CVE-2021-35514

Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：33 | 回复：0
CVE-2020-15303

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：20 | 回复：0
CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：18 | 回复：0
CVE-2021-31337

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the servic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：24 | 回复：0
CVE-2021-21083

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE-2021-21084

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-21090

Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：23 | 回复：0
CVE-2021-21098

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：27 | 回复：0
CVE-2021-21099

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：24 | 回复：0
CVE-2021-21101

Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2021-21102

Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：35 | 回复：0