CVE Vulnerabilities

  • CVE-2021-24367
    The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 8 | Replies: 0
  • CVE-2021-24369
    In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 10 | Replies: 0
  • CVE-2021-24370
    The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 15 | Replies: 0
  • CVE-2021-24372
    The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER before outputting it in an attribute, leading to a reflected Cross-Site Script ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 5 | Replies: 0
  • CVE-2021-24373
    The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a JavaScript block, leading to a ref ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-24374
    The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a carousel type image gallery and allows users to comment on the images. A security vulnerability was foun ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 9 | Replies: 0
  • CVE-2021-24376
    The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) from the uploaded archive via the Import Settings feature, after its extraction. However, the extracted ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 5 | Replies: 0
  • CVE-2021-24377
    The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 5 | Replies: 0
  • CVE-2021-24378
    The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 5 | Replies: 0
  • CVE-2021-24379
    The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 6 | Replies: 0
  • CVE-2021-24383
    The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Sc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 10 | Replies: 0
  • CVE-2021-29061
    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 8 | Replies: 0
  • CVE-2021-29063
    A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-35066
    An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32698
    eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is blind because the attacker cannot see the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-34386
    Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to h ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 9 | Replies: 0
  • CVE-2021-34387
    The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 8 | Replies: 0
  • CVE-2021-34388
    Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execut ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-34389
    Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 19 | Replies: 0
  • CVE-2010-0413
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 19 | Replies: 0
  • CVE-2010-1432
    Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2010-1433
    Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2010-1434
    Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching furt ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2010-1435
    Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the dat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-35196
    ** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 18 | Replies: 0
  • CVE-2021-20733
    Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2021-20734
    Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 19 | Replies: 0
  • CVE-2021-20735
    Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earli ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 10 | Replies: 0
  • CVE-2021-20736
    NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-20737
    Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2021-20741
    Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) ver ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 22 | Replies: 0
  • CVE-2021-20742
    Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecifie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 22 | Replies: 0
  • CVE-2021-20743
    Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by lea ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2021-20744
    Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an adm ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2010-2475
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 26 | Replies: 0
  • CVE-2010-2485
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 29 | Replies: 0
  • CVE-2010-2486
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 26 | Replies: 0
  • CVE-2021-0534
    In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no addi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2021-0535
    In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges ne ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2021-0554
    In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 19 | Replies: 0
