CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2019-25042

** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a ru ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-20714

Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2021-20715

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2020-17517

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl comman ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：10 | 回复：0
CVE-2021-28125

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE-2020-35542

Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2021-27480

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2021-22660

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：8 | 回复：0
CVE-2021-22664

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：10 | 回复：0
CVE-2021-28271

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulner ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：10 | 回复：0
CVE-2021-30642

An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arb ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：8 | 回复：0
CVE-2021-3451

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE-2021-3464

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE-2020-4981

IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE-2021-20448

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE-2021-20549

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：22 | 回复：0
CVE-2021-20550

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-29666

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-29667

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper vali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：10 | 回复：0
CVE-2020-21987

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：8 | 回复：0
CVE-2020-21989

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to ver ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2020-21998

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：6 | 回复：0
CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell comma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：26 | 回复：0
CVE-2020-22001

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2021-30638

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomple ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-21365

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2021-29200

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-29460

Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `script` tags. The direct link to that file can be sent to other u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：23 | 回复：0
CVE-2021-30128

Apache OFBiz has unsafe deserialization prior to 17.12.07 version……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-29441

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=tru ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：41 | 回复：0
CVE-2021-29442

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-29476

Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE-2021-20716

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：22 | 回复：0
CVE-2021-3511

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE-2021-31815

GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (somet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0