CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31712

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：6 | 回复：0
CVE-2021-30502

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-31718

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE-2021-31726

Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE-2021-31760

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：25 | 回复：0
CVE-2021-31761

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE-2021-20680

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：16 | 回复：0
CVE-2021-20693

Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：31 | 回复：0
CVE-2021-20694

Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：36 | 回复：0
CVE-2021-20695

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified ve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：21 | 回复：0
CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：27 | 回复：0
CVE-2021-20697

Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE-2021-20708

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：15 | 回复：0
CVE-2021-20709

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE-2021-20710

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：5 | 回复：0
CVE-2021-20711

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：6 | 回复：0
CVE-2021-20712

Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE-2021-31803

cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：24 | 回复：0
CVE-2021-31804

LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：18 | 回复：0
CVE-2021-23365

The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：24 | 回复：0
CVE-2021-25927

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE-2021-25928

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-26797

An access control vulnerability in Hame SD1 Wi-Fi firmware =V.20140224154640 allows an attacker to get system administrator through an open Telnet service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE-2021-28079

Jamovi =1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：31 | 回复：0
CVE-2021-31802

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE-2021-25838

The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：18 | 回复：0
CVE-2021-25839

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：11 | 回复：0
CVE-2021-28399

OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE-2021-3472

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE-2021-23382

The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in havin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：18 | 回复：0
CVE-2020-4562

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE-2021-20432

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE-2021-20532

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：16 | 回复：0
CVE-2021-20536

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：19 | 回复：0
CVE-2021-20546

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the applicat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：16 | 回复：0
CVE-2021-21201

Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：19 | 回复：0