CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-29663

CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：59 | 回复：0
CVE-2021-22538

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：47 | 回复：0
CVE-2020-24550

An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：39 | 回复：0
CVE-2021-27220

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：30 | 回复：0
CVE-2021-27349

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：41 | 回复：0
CVE-2021-28994

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：32 | 回复：0
CVE-2021-29349

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：46 | 回复：0
CVE-2020-36238

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：65 | 回复：0
CVE-2020-36286

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：34 | 回复：0
CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：68 | 回复：0
CVE-2021-29266

An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v-config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：39 | 回复：0
CVE-2021-29249

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：32 | 回复：0
CVE-2021-29271

remark42 before 1.6.1 allows XSS, as demonstrated by Locator: Locator{URL: followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：38 | 回复：0
CVE-2021-29272

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the script string.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：33 | 回复：0
CVE-2021-29274

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：40 | 回复：0
CVE-2021-28936

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：47 | 回复：0
CVE-2021-28937

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：51 | 回复：0
CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：53 | 回复：0
CVE-2019-5317

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：42 | 回复：0
CVE-2020-7850

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：68 | 回复：0
CVE-2021-21727

A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：63 | 回复：0
CVE-2021-27352

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：51 | 回复：0
CVE-2021-29267

Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：44 | 回复：0
CVE-2020-25217

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：33 | 回复：0
CVE-2020-25218

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：40 | 回复：0
CVE-2021-28670

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveragi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：36 | 回复：0
CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configurat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：34 | 回复：0
CVE-2021-29417

gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：24 | 回复：0
CVE-2020-24635

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：38 | 回复：0
CVE-2020-24636

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：47 | 回复：0
CVE-2020-25577

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：40 | 回复：0
CVE-2020-25583

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：34 | 回复：0
CVE-2020-35137

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This is an opt-in feature to the product - it is not enabled by d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：29 | 回复：0
CVE-2020-35138

** DISPUTED ** The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE-2021-25143

A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：57 | 回复：0
CVE-2021-25144

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：38 | 回复：0
CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：24 | 回复：0
CVE-2021-28668

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：44 | 回复：0
CVE-2021-28669

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：47 | 回复：0
CVE-2021-28673

Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：44 | 回复：0