CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：34 | 回复：0
CVE-2020-18084

Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the referer field of a POST request to the component /member/index/login.html whe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：26 | 回复：0
CVE-2021-21227

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：33 | 回复：0
CVE-2021-21228

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：18 | 回复：0
CVE-2021-21229

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：23 | 回复：0
CVE-2021-21230

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：22 | 回复：0
CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：22 | 回复：0
CVE-2021-21232

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：35 | 回复：0
CVE-2021-21233

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：28 | 回复：0
CVE-2021-21507

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：31 | 回复：0
CVE-2021-21530

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-21531

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：24 | 回复：0
CVE-2021-21539

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：48 | 回复：0
CVE-2021-21540

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：35 | 回复：0
CVE-2021-21541

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：43 | 回复：0
CVE-2021-21542

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：52 | 回复：0
CVE-2021-21543

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：45 | 回复：0
CVE-2021-21544

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：50 | 回复：0
CVE-2021-21547

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：61 | 回复：0
CVE-2021-31933

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：60 | 回复：0
CVE-2020-28943

OX App Suite 7.10.4 and earlier allows SSRF via a snippet.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：64 | 回复：0
CVE-2020-28944

OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：52 | 回复：0
CVE-2021-31792

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：82 | 回复：0
CVE-2021-31934

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：88 | 回复：0
CVE-2021-31935

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：97 | 回复：0
CVE-2021-1498

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE-2021-1499

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE-2021-1505

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-1506

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE-2021-1507

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-base ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE-2021-1508

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：6 | 回复：0
CVE-2021-1509

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：21 | 回复：0
CVE-2021-1510

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-1511

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-1512

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：22 | 回复：0
CVE-2021-1513

A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE-2021-1514

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：8 | 回复：0
CVE-2021-1515

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-1516

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-1519

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affecte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：6 | 回复：0