CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27247

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：26 | 回复：0
CVE-2021-27249

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：31 | 回复：0
CVE-2021-27250

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：41 | 回复：0
CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The sp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：21 | 回复：0
CVE-2021-27252

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：16 | 回复：0
CVE-2021-27258

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE-2021-27259

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE-2021-27260

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：11 | 回复：0
CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS command ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE-2020-35418

Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：7 | 回复：0
CVE-2020-35419

Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：13 | 回复：0
CVE-2021-28060

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-28825

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2021-28826

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2021-28855

In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：18 | 回复：0
CVE-2021-28856

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：19 | 回复：0
CVE-2020-28124

Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：29 | 回复：0
CVE-2020-35660

Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：24 | 回复：0
CVE-2021-26030

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE-2021-26031

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE-2021-27710

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS command ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE-2021-28484

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE-2021-29654

AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-30459

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-3017

The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：44 | 回复：0
CVE-2021-28048

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：34 | 回复：0
CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-29449

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the refere ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：12 | 回复：0
CVE-2021-27180

An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：35 | 回复：0
CVE-2021-27181

An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a mali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：18 | 回复：0
CVE-2021-27182

An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：30 | 回复：0
CVE-2021-27183

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2020-36288

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：18 | 回复：0
CVE-2021-30477

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE-2021-30478

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：26 | 回复：0
CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0