CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-1548

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：22 | 回复：0
CVE-2021-1549

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：19 | 回复：0
CVE-2021-1550

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：23 | 回复：0
CVE-2021-1551

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：15 | 回复：0
CVE-2021-1552

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2021-1553

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：23 | 回复：0
CVE-2021-1554

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE-2021-1555

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：27 | 回复：0
CVE-2021-1557

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：23 | 回复：0
CVE-2021-1558

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2021-1559

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insuf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-1560

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insuf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：6 | 回复：0
CVE-2021-20713

Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：12 | 回复：0
CVE-2021-20722

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：19 | 回复：0
CVE-2021-20723

Reflected cross-site scripting vulnerability in free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：18 | 回复：0
CVE-2021-20724

Reflected cross-site scripting vulnerability in the admin page of free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：24 | 回复：0
CVE-2021-20725

Reflected cross-site scripting vulnerability in the admin page of free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：37 | 回复：0
CVE-2021-20726

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the inst ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：21 | 回复：0
CVE-2021-33496

Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：8 | 回复：0
CVE-2021-33497

Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE-2021-21000

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE-2021-21001

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE-2021-24294

The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the adm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2021-24296

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be trigger ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：29 | 回复：0
CVE-2021-24297

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：9 | 回复：0
CVE-2021-24298

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：12 | 回复：0
CVE-2021-24300

The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：22 | 回复：0
CVE-2021-24301

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was proper ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：24 | 回复：0
CVE-2021-24302

The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：38 | 回复：0
CVE-2021-24305

The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a P ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：38 | 回复：0
CVE-2021-24306

The Ultimate Member â€“ User Profile, User Registration, Login Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a lin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：25 | 回复：0
CVE-2021-24307

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with aioseo_tools_settings privilege (most of the time admin) to execute ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：25 | 回复：0
CVE-2021-24308

The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：22 | 回复：0
CVE-2021-24332

The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：21 | 回复：0
CVE-2021-25938

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2021-21987

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious acto ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE-2021-21988

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：20 | 回复：0
CVE-2021-21989

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious acto ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2021-3559

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). Thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE-2020-25408

A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：9 | 回复：0