CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-1520

A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with ro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-1521

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE-2021-1530

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial den ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：6 | 回复：0
CVE-2021-1532

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE-2021-1535

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-21505

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default cre ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE-2021-21527

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-21550

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-22211

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE-2021-24178

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in adm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-24179

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in admi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：43 | 回复：0
CVE-2021-24214

The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue do ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE-2021-24236

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：28 | 回复：0
CVE-2021-24243

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscrib ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-24244

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2021-24245

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-24246

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE-2021-24247

The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-24248

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist appro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：9 | 回复：0
CVE-2021-24249

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in ad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2021-24250

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE-2021-24251

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in ad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2021-24252

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE-2021-24253

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-24254

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-26543

The gitDiff function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2021-27216

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：19 | 回复：0
CVE-2021-29490

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：37 | 回复：0
CVE-2021-29491

Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：9 | 回复：0
CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is base ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE-2021-31245

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the pas ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-31409

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-31532

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in et ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2021-3501

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE-2021-22208

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：4 | 回复：0
CVE-2021-22210

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a conside ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0