CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2007-5967

A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-29048

Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：7 | 回复：0
CVE-2021-29051

Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 bef ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：7 | 回复：0
CVE-2021-29052

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDef ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：23 | 回复：0
CVE-2021-3483

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：9 | 回复：0
CVE-2021-27342

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-31727

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-priv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：13 | 回复：0
CVE-2021-31728

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sendi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2021-32402

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：8 | 回复：0
CVE-2021-32403

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：20 | 回复：0
CVE-2021-27734

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：26 | 回复：0
CVE-2019-14827

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：18 | 回复：0
CVE-2020-13667

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when swi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2020-4669

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2020-4670

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-24288

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-24289

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：9 | 回复：0
CVE-2021-24290

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：8 | 回复：0
CVE-2021-24292

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：13 | 回复：0
CVE-2021-24295

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：8 | 回复：0
CVE-2021-24299

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcomin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-24314

The Goto WordPress theme before 2.1 did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injectio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：13 | 回复：0
CVE-2021-24315

The GiveWP â€“ Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Ema ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-24323

When taxes are enabled, the Additional tax classes field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：8 | 回复：0
CVE-2021-24324

The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of saniti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-24325

The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-24326

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2021-24327

The SEO Redirection Plugin â€“ 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing hig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-25264

In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：45 | 回复：0
CVE-2021-29747

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-32453

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-32455

SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device´s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2021-33041

vmd through 1.34.0 allows 'div class=markdown-body' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a si ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：12 | 回复：0
CVE-2021-3524

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The ne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2020-21813

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-23384

The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-32454

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2021-32456

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：20 | 回复：0
CVE-2021-32617

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-32618

The Python Flask-Security-Too package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Fl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0