CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-28689

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE-2021-29754

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 20200 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：24 | 回复：0
CVE-2020-28907

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：14 | 回复：0
CVE-2020-28908

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE-2020-28909

Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE-2020-28910

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2020-28911

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-32075

Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0
CVE-2020-4990

IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE-2021-20385

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE-2021-20386

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE-2021-20389

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-20419

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-20426

IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2021-20428

IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE-2021-20557

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：26 | 回复：0
CVE-2021-3485

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-33516

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into trigger ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：24 | 回复：0
CVE-2019-12348

An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：37 | 回复：0
CVE-2021-29300

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2021-32629

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the C ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URL ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2021-32624

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2020-21041

Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：26 | 回复：0
CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing withou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：16 | 回复：0
CVE-2020-26557

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：32 | 回复：0
CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE-2020-26560

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without posses ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2021-29256

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：14 | 回复：0
CVE-2021-30081

An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE-2021-30082

An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE-2021-30083

An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' par ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE-2020-20178

Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2021-23387

The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE-2021-30108

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2021-33525

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE-2021-33561

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0