CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-25849

An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：9 | 回复：0
CVE-2021-31520

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：16 | 回复：0
CVE-2021-24011

A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：9 | 回复：0
CVE-2020-22809

In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：10 | 回复：0
CVE-2021-22672

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：15 | 回复：0
CVE-2021-25645

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：17 | 回复：0
CVE-2021-26583

A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：10 | 回复：0
CVE-2021-23008

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypass ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：7 | 回复：0
CVE-2021-23011

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：6 | 回复：0
CVE-2021-23013

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：14 | 回复：0
CVE-2021-32056

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：14 | 回复：0
CVE-2021-23009

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configure ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：14 | 回复：0
CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket reques ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：9 | 回复：0
CVE-2021-28899

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Strea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：36 | 回复：0
CVE-2021-30027

md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：31 | 回复：0
CVE-2021-30218

samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：47 | 回复：0
CVE-2021-30219

samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：38 | 回复：0
CVE-2021-30224

Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：42 | 回复：0
CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-20294

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：41 | 回复：0
CVE-2021-25810

Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-25811

MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-25812

Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：57 | 回复：0
CVE-2021-27802

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24177. Reason: This candidate is a duplicate of CVE-2021-24177. Notes: All CVE users should reference CVE-2021-24177 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：43 | 回复：0
CVE-2021-29350

SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：31 | 回复：0
CVE-2021-30227

Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-30228

The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parame ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-30229

The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：48 | 回复：0
CVE-2021-30230

The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：29 | 回复：0
CVE-2021-30231

The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：33 | 回复：0
CVE-2021-30232

The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parame ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：39 | 回复：0
CVE-2021-30233

The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：36 | 回复：0
CVE-2021-30234

The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT paramete ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：38 | 回复：0
CVE-2020-21101

Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：57 | 回复：0
CVE-2020-21452

An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：35 | 回复：0
CVE-2020-35430

SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：36 | 回复：0
CVE-2021-21415

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：35 | 回复：0
CVE-2021-21417

fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-30048

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath paramet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：34 | 回复：0
CVE-2021-31417

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：26 | 回复：0