CVE Vulnerabilities

  • CVE-2021-30039
    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Fever or Blood Pressure field on the patients/register-report.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
  • CVE-2021-30042
    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Clinic Name, Clinic Address, Clinic City, or Clinic Contact field on clinics/register.php
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-30044
    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 30 | Replies: 0
  • CVE-2021-30503
    The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 26 | Replies: 0
  • CVE-2021-30637
    htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 23 | Replies: 0
  • CVE-2021-28938
    Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information ac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-29003
    Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell= ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
  • CVE-2021-29054
    Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 23 | Replies: 0
  • CVE-2021-27905
    The ReplicationHandler (normally registered at /replication under a Solr core) in Apache Solr has a masterUrl (also leaderUrl alias) parameter that is used to designate another ReplicationHandler on a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 17 | Replies: 0
  • CVE-2021-29262
    When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only use ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2021-29425
    In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like //../foo, or \\..\foo, the result would be the same value, thus possibly providing ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 49 | Replies: 0
  • CVE-2021-29943
    When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client cr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 14 | Replies: 0
  • CVE-2021-25250
    An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on aff ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-25253
    An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate pri ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
  • CVE-2021-28645
    An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Ple ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
  • CVE-2021-28646
    An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 8 | Replies: 0
  • CVE-2021-28647
    Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 10 | Replies: 0
  • CVE-2021-22505
    Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and ex ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
  • CVE-2021-28421
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21417. Reason: This candidate is a duplicate of CVE-2021-21417. Notes: All CVE users should reference CVE-2021-21417 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 14 | Replies: 0
  • CVE-2021-30175
    ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 10 | Replies: 0
  • CVE-2021-30176
    The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 13 | Replies: 0
  • CVE-2020-13566
    SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_gro ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2020-13568
    SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_grou ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 6 | Replies: 0
  • CVE-2020-27227
    An exploitable unauthenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 9 | Replies: 0
  • CVE-2020-27228
    An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 13 | Replies: 0
  • CVE-2020-27233
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2020-27234
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 10 | Replies: 0
  • CVE-2020-27235
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 23 | Replies: 0
  • CVE-2020-27236
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 22 | Replies: 0
  • CVE-2021-21729
    Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 4 | Replies: 0
  • CVE-2021-21730
    A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2021-21731
    A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The att ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 7 | Replies: 0
  • CVE-2021-28973
    The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE at ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 8 | Replies: 0
  • CVE-2021-29997
    An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 8 | Replies: 0
  • CVE-2021-29998
    An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 14 | Replies: 0
  • CVE-2021-29999
    An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 4 | Replies: 0
  • CVE-2020-28590
    An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
  • CVE-2021-0400
    In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 20 | Replies: 0
  • CVE-2021-0426
    In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 24 | Replies: 0
  • CVE-2021-0427
    In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
