CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-1900

Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：15 | 回复：0
CVE-2021-1937

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-34364

The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：24 | 回复：0
CVE-2021-26313

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：19 | 回复：0
CVE-2021-26314

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：28 | 回复：0
CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：18 | 回复：0
CVE-2021-33841

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：26 | 回复：0
CVE-2021-33842

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：27 | 回复：0
CVE-2021-34369

** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE-2021-34370

** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states there are configurable security flags and we are unable to reproduce them wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：34 | 回复：0
CVE-2021-3532

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：14 | 回复：0
CVE-2021-3533

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE-2021-33668

Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：12 | 回复：0
CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorizatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：26 | 回复：0
CVE-2021-21490

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：9 | 回复：0
CVE-2021-27597

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：7 | 回复：0
CVE-2021-27606

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：8 | 回复：0
CVE-2021-27607

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：14 | 回复：0
CVE-2021-27615

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE-2021-27620

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：9 | 回复：0
CVE-2021-27621

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted informati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE-2021-27622

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：9 | 回复：0
CVE-2021-27623

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-27624

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：7 | 回复：0
CVE-2021-27625

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：26 | 回复：0
CVE-2021-27626

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-27627

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-27628

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：8 | 回复：0
CVE-2021-27629

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：6 | 回复：0
CVE-2021-27630

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：10 | 回复：0
CVE-2021-27631

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：8 | 回复：0
CVE-2021-27632

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE-2021-27633

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：10 | 回复：0
CVE-2021-27634

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：15 | 回复：0
CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the applic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：7 | 回复：0
CVE-2021-27637

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to inform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2021-27638

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailabl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE-2021-27639

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailabl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-27640

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：14 | 回复：0
CVE-2021-27641

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：5 | 回复：0