CVE Vulnerabilities
  • CVE-2017-17678
    BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 30 | Replies: 0
  • CVE-2021-3421
    A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to caus ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 16 | Replies: 0
  • CVE-2021-3445
    A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an R ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 13 | Replies: 0
  • CVE-2021-3517
    There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affect ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 12 | Replies: 0
  • CVE-2021-31930
    Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the Fi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 13 | Replies: 0
  • CVE-2021-33204
    In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 28 | Replies: 0
  • CVE-2020-36364
    An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Creat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 9 | Replies: 0
  • CVE-2020-36365
    Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2021-25644
    An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2021-27925
    An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 14 | Replies: 0
  • CVE-2021-31158
    In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 11 | Replies: 0
  • CVE-2020-4646
    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they should not have access ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 13 | Replies: 0
  • CVE-2020-4765
    IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2021-20374
    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 11 | Replies: 0
  • CVE-2021-20528
    IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 24 | Replies: 0
  • CVE-2021-20529
    IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 16 | Replies: 0
  • CVE-2021-27924
    An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 19 | Replies: 0
  • CVE-2021-29503
    HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a n ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 15 | Replies: 0
  • CVE-2021-29622
    Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new red ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 7 | Replies: 0
  • CVE-2021-29624
    fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a double submit mechanism using cookies with an a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2021-29625
    Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases pre ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 10 | Replies: 0
  • CVE-2021-20718
    mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 7 | Replies: 0
  • CVE-2020-29321
    The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 12 | Replies: 0
  • CVE-2020-29322
    The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 15 | Replies: 0
  • CVE-2020-29323
    The D-Link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 16 | Replies: 0
  • CVE-2020-29324
    The D-Link Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmwa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 8 | Replies: 0
  • CVE-2021-29500
    bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly veri ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 13 | Replies: 0
  • CVE-2021-26928
    ** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 33 | Replies: 0
  • CVE-2021-31249
    A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 13 | Replies: 0
  • CVE-2021-31250
    Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 15 | Replies: 0
  • CVE-2021-31251
    An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 16 | Replies: 0
  • CVE-2021-31252
    An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a speciall ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 13 | Replies: 0
  • CVE-2021-32641
    auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashM ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 7 | Replies: 0
  • CVE-2021-31701
    Mintty before 3.4.7 mishandles Bracketed Paste Mode.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 21 | Replies: 0
  • CVE-2021-32198
    EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 13 | Replies: 0
  • CVE-2021-33880
    The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 22 | Replies: 0
  • CVE-2021-33881
    On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a tear off attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 11 | Replies: 0
  • CVE-2021-33879
    Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 21 | Replies: 0
  • CVE-2017-20005
    NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date fa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 12 | Replies: 0
  • CVE-2021-33898
    In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain cont ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 9 | Replies: 0
