CVE Vulnerabilities
  • CVE-2021-28815
    Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by acces ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 17 | Replies: 0
  • CVE-2020-9493
    A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 16 | Replies: 0
  • CVE-2021-21441
    There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending speci ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 30 | Replies: 0
  • CVE-2021-20093
    A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Run ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 21 | Replies: 0
  • CVE-2021-20094
    A denial of service vulnerability exists in Wibu-Systems CodeMeter versions 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 27 | Replies: 0
  • CVE-2021-27481
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 5 | Replies: 0
  • CVE-2021-27487
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 13 | Replies: 0
  • CVE-2021-27489
    ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 7 | Replies: 0
  • CVE-2021-28979
    SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to retu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 6 | Replies: 0
  • CVE-2021-30468
    A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CP ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 13 | Replies: 0
  • CVE-2021-32033
    Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 19 | Replies: 0
  • CVE-2021-32612
    The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 13 | Replies: 0
  • CVE-2021-33813
    An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 24 | Replies: 0
  • CVE-2021-34683
    An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 18 | Replies: 0
  • CVE-2021-27479
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privile ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 12 | Replies: 0
  • CVE-2021-27483
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level use ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 13 | Replies: 0
  • CVE-2021-27485
    ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web brows ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 12 | Replies: 0
  • CVE-2021-31159
    Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 18 | Replies: 0
  • CVE-2021-31857
    In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 13 | Replies: 0
  • CVE-2021-32928
    The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 20 | Replies: 0
  • CVE-2020-8299
    Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 23 | Replies: 0
  • CVE-2020-8300
    Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 22 | Replies: 0
  • CVE-2021-21667
    Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 24 | Replies: 0
  • CVE-2021-21668
    Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 28 | Replies: 0
  • CVE-2021-22914
    Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 9 | Replies: 0
  • CVE-2021-27610
    SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and d ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 14 | Replies: 0
  • CVE-2021-34801
    Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 20 | Replies: 0
  • CVE-2021-34803
    TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 26 | Replies: 0
  • CVE-2020-20444
    Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which could ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 14 | Replies: 0
  • CVE-2020-22198
    SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 6 | Replies: 0
  • CVE-2020-24939
    Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 30 | Replies: 0
  • CVE-2020-27339
    In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 21 | Replies: 0
  • CVE-2020-35759
    bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 18 | Replies: 0
  • CVE-2020-35760
    bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 15 | Replies: 0
  • CVE-2020-35761
    bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 30 | Replies: 0
  • CVE-2020-35762
    bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 17 | Replies: 0
  • CVE-2020-22199
    SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 25 | Replies: 0
  • CVE-2020-22200
    Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 15 | Replies: 0
  • CVE-2020-22201
    phpCMS 2008 sp4 allows remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 19 | Replies: 0
  • CVE-2021-20483
    IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obt ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 14 | Replies: 0
