CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-20488

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-20566

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-20567

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2021-29702

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT state ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：30 | 回复：0
CVE-2020-22203

SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2020-22204

SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. .……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0
CVE-2020-22205

SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：13 | 回复：0
CVE-2020-22206

SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：13 | 回复：0
CVE-2020-22208

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：22 | 回复：0
CVE-2020-22209

SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2020-22210

SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：18 | 回复：0
CVE-2020-22211

SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：38 | 回复：0
CVE-2020-22212

SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：24 | 回复：0
CVE-2021-1395

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：23 | 回复：0
CVE-2021-1524

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：33 | 回复：0
CVE-2021-1541

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-1542

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0
CVE-2021-1543

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-1566

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：32 | 回复：0
CVE-2021-1567

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：25 | 回复：0
CVE-2021-1568

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：13 | 回复：0
CVE-2021-1569

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service ( ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2021-1570

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service ( ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：26 | 回复：0
CVE-2021-1571

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2021-34551

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2021-34813

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：26 | 回复：0
CVE-2020-25752

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded val ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：30 | 回复：0
CVE-2020-25753

An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：9 | 回复：0
CVE-2020-25754

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password deriv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：11 | 回复：0
CVE-2020-25755

An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary comman ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2021-32659

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：10 | 回复：0
CVE-2021-34202

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：8 | 回复：0
CVE-2021-34201

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the globa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：11 | 回复：0
CVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this functi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：6 | 回复：0
CVE-2021-34204

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：11 | 回复：0
CVE-2021-32243

FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：25 | 回复：0
CVE-2021-32244

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the Description field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：14 | 回复：0
CVE-2021-32245

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：13 | 回复：0
CVE-2021-32690

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：23 | 回复：0
CVE-2021-32691

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing thei ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：25 | 回复：0