CVE Vulnerabilities

  • CVE-2021-33557
    An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-32695
    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android a ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-32424
    In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated us ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32426
    In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the echo command.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-32694
    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32693
    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 18 | Replies: 0
  • CVE-2021-34553
    Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been grant ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-34808
    Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 9 | Replies: 0
  • CVE-2021-34809
    Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote aut ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 18 | Replies: 0
  • CVE-2021-34810
    Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-34811
    Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspeci ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 10 | Replies: 0
  • CVE-2021-34812
    Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-21669
    Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 23 | Replies: 0
  • CVE-2021-32536
    The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 12 | Replies: 0
  • CVE-2021-33347
    An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the stora ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-33576
    An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an a ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-33577
    An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Con ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 21 | Replies: 0
  • CVE-2021-26834
    A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-26835
    No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 15 | Replies: 0
  • CVE-2021-34815
    CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 21 | Replies: 0
  • CVE-2005-0394
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 15 | Replies: 0
  • CVE-2007-3733
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 22 | Replies: 0
  • CVE-2021-21997
    VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, w ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 30 | Replies: 0
  • CVE-2018-14639
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 8 | Replies: 0
  • CVE-2021-23845
    This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 12 | Replies: 0
  • CVE-2021-23846
    When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firm ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32954
    Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2021-32956
    Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious we ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 19 | Replies: 0
  • CVE-2005-2795
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2020-18442
    Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value zzip_file_read in the function unzzip_cat_file.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 15 | Replies: 0
  • CVE-2021-3604
    Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 21 | Replies: 0
  • CVE-2021-33818
    An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 15 | Replies: 0
  • CVE-2021-33820
    An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-33822
    An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to fini ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 7 | Replies: 0
  • CVE-2021-21282
    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 9 | Replies: 0
  • CVE-2021-32696
    The npm package striptags is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 12 | Replies: 0
  • CVE-2021-33823
    An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-33824
    An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to fin ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2021-21257
    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do n ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 32 | Replies: 0
  • CVE-2021-21279
    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:50 | Views: 17 | Replies: 0
