CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2016-8199

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：24 | 回复：0
CVE-2016-8200

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：12 | 回复：0
CVE-2021-29671

IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：16 | 回复：0
CVE-2020-13532

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：18 | 回复：0
CVE-2020-13533

A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：24 | 回复：0
CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges wh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：11 | 回复：0
CVE-2020-13587

An exploitable SQL injection vulnerability exists in the forms_fields_rules/rules page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：25 | 回复：0
CVE-2020-13591

An exploitable SQL injection vulnerability exists in the access_rules/rules_form page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：21 | 回复：0
CVE-2020-13592

An exploitable SQL injection vulnerability exists in global_lists/choices page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE-2020-23761

Cross Site Scripting (XSS) vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the payment gateway column on transactions tab.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：23 | 回复：0
CVE-2020-23762

Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the titel column on the Eintrage hinzufu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：23 | 回复：0
CVE-2020-23763

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：15 | 回复：0
CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：25 | 回复：0
CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：21 | 回复：0
CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persisten ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE-2021-21432

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：29 | 回复：0
CVE-2020-19596

Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0
CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：19 | 回复：0
CVE-2021-20307

Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：8 | 回复：0
CVE-2021-20308

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：8 | 回复：0
CVE-2021-30141

** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a valu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-28175

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-28176

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0
CVE-2021-28177

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：8 | 回复：0
CVE-2021-28178

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE-2021-28179

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE-2021-28180

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0
CVE-2021-28181

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE-2021-28182

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：19 | 回复：0
CVE-2021-28183

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE-2021-28184

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：23 | 回复：0
CVE-2021-28185

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2021-28186

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE-2021-28187

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As ob ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2021-28188

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：8 | 回复：0
CVE-2021-28189

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2021-28190

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE-2021-28191

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：23 | 回复：0
CVE-2021-28192

The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0