CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31856

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：8 | 回复：0
CVE-2021-27933

pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE-2021-31777

The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：3 | 回复：0
CVE-2021-31778

The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE-2021-31779

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-31863

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：33 | 回复：0
CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE-2021-31865

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：26 | 回复：0
CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE-2021-27648

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：24 | 回复：0
CVE-2021-30166

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE-2021-30167

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to cont ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2021-30168

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE-2021-30169

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：22 | 回复：0
CVE-2021-22327

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：34 | 回复：0
CVE-2021-22330

There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：86 | 回复：0
CVE-2021-22393

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：51 | 回复：0
CVE-2021-22514

An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute ar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：35 | 回复：0
CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious applicat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE-2021-22332

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2020-18019

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the typeid variable of the createfolderAjax function in the mode_wo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：32 | 回复：0
CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the user_phone parameter of a crafted HTTP request to the admin.php component.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0
CVE-2020-21991

AVE DOMINAplus =1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autolo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：28 | 回复：0
CVE-2021-29159

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0
CVE-2021-29387

Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any Add sections, such as Add Item ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2021-29388

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budge ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：34 | 回复：0
CVE-2021-3508

A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：34 | 回复：0
CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2020-21994

AVE DOMINAplus =1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2020-21996

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：31 | 回复：0
CVE-2020-7123

A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：25 | 回复：0
CVE-2021-25147

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：33 | 回复：0
CVE-2020-17999

Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component /mc-admin/post-edit.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE-2020-18022

Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：42 | 回复：0
CVE-2021-23364

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：40 | 回复：0
CVE-2021-25151

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that addres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：49 | 回复：0
CVE-2021-25153

A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this secu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：41 | 回复：0
CVE-2021-25154

A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：39 | 回复：0
CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：37 | 回复：0
CVE-2021-25152

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that addres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：33 | 回复：0