CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-33562

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：20 | 回复：0
CVE-2021-33563

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2020-9450

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE-2020-9451

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predicta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：44 | 回复：0
CVE-2020-9452

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to anoth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE-2021-20096

Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE-2021-30187

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：36 | 回复：0
CVE-2021-30186

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：38 | 回复：0
CVE-2021-30188

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：36 | 回复：0
CVE-2021-30189

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：32 | 回复：0
CVE-2021-30190

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：46 | 回复：0
CVE-2021-30191

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE-2021-30192

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：26 | 回复：0
CVE-2021-30193

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE-2021-30194

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE-2021-30195

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE-2021-27821

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2021-27823

An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the sys ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0
CVE-2021-29201

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE Simp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：28 | 回复：0
CVE-2021-29202

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0
CVE-2021-29204

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE Simp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0
CVE-2021-29205

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE Simp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：32 | 回复：0
CVE-2021-29206

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE Simp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：38 | 回复：0
CVE-2021-29207

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE Simp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0
CVE-2021-33425

A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-29208

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE-2021-29209

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE-2021-29210

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE-2021-29211

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE Simp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE-2020-10064

Improper Input Frame Validation in ieee802154 Processing. Zephyr versions = v1.14.2, = v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：39 | 回复：0
CVE-2020-10065

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/z ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE-2020-10066

Incorrect Error Handling in Bluetooth HCI core. Zephyr versions = v1.14.2, = v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：47 | 回复：0
CVE-2020-10069

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：41 | 回复：0
CVE-2020-10072

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE-2020-13598

FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions = v1.14.2, = v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://gi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：31 | 回复：0
CVE-2020-13599

Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2020-13600

Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions = 1.14.2, = 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproje ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE-2020-13601

Possible read out of bounds in dns read. Zephyr versions = 1.14.2, = 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2020-13602

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions = 1.14.2, = 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE-2020-13603

Integer Overflow in memory allocating functions. Zephyr versions = 1.14.2, = 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zep ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0