CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-28193

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-28194

The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-28195

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2021-28196

The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-28197

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：23 | 回复：0
CVE-2021-28198

The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：31 | 回复：0
CVE-2021-28199

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2021-28200

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2021-28201

The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the priv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE-2021-28202

The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the priv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-28203

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command inje ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-28204

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：18 | 回复：0
CVE-2021-28205

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：18 | 回复：0
CVE-2021-28206

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE-2021-28207

The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2021-28208

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-28209

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE-2021-30144

The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2021-30149

Composr 10.0.36 allows upload and execution of PHP files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0
CVE-2021-30150

Composr 10.0.36 allows XSS in an XML script.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-30151

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：25 | 回复：0
CVE-2021-30154

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE-2021-30157

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-30158

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user mig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-30161

An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-2100 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-30162

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-30163

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：19 | 回复：0
CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-28171

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE-2021-28172

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0
CVE-2021-28173

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：18 | 回复：0
CVE-2021-27343

SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-27357

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE-2021-27697

RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-27698

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE-2021-28075

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0