
CVE Vulnerabilities

  • CVE-2021-20216
    A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 21 | Replies: 0
  • CVE-2021-20217
    A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system av ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 18 | Replies: 0
  • CVE-2021-26596
    An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 28 | Replies: 0
  • CVE-2021-26597
    An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially danger ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 23 | Replies: 0
  • CVE-2021-27192
    Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 36 | Replies: 0
  • CVE-2021-27193
    Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 36 | Replies: 0
  • CVE-2021-27194
    Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passw ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 36 | Replies: 0
  • CVE-2021-27195
    Improper Authorization vulnerability in Netop Vision Pro up to and including 9.7.1 allows an attacker to replay network traffic.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 42 | Replies: 0
  • CVE-2021-29096
    A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated at ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 25 | Replies: 0
  • CVE-2021-3443
    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an appli ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 15 | Replies: 0
  • CVE-2021-3446
    A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain sy ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 22 | Replies: 0
  • CVE-2021-3466
    A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 34 | Replies: 0
  • CVE-2021-3467
    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could ca ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 31 | Replies: 0
  • CVE-2020-10579
    A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 36 | Replies: 0
  • CVE-2020-10580
    A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 33 | Replies: 0
  • CVE-2020-10581
    Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hoste ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 32 | Replies: 0
  • CVE-2020-10582
    A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and mo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 21 | Replies: 0
  • CVE-2020-10583
    The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the applic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 25 | Replies: 0
  • CVE-2020-10584
    A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 22 | Replies: 0
  • CVE-2021-22888
    Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 29 | Replies: 0
  • CVE-2021-22889
    Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An atta ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 18 | Replies: 0
  • CVE-2021-27438
    The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 17 | Replies: 0
  • CVE-2021-27440
    The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 23 | Replies: 0
  • CVE-2021-27448
    A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 16 | Replies: 0
  • CVE-2021-27450
    SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as pa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 12 | Replies: 0
  • CVE-2021-27452
    The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 22 | Replies: 0
  • CVE-2021-27454
    The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 12 | Replies: 0
  • CVE-2021-29008
    A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the to_time parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 14 | Replies: 0
  • CVE-2021-29009
    A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the type parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 19 | Replies: 0
  • CVE-2021-29010
    A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the report_type parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 16 | Replies: 0
  • CVE-2021-29093
    A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 10 | Replies: 0
  • CVE-2021-29094
    Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 12 | Replies: 0
  • CVE-2021-29095
    Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 14 | Replies: 0
  • CVE-2021-29097
    Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthent ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 17 | Replies: 0
  • CVE-2021-29098
    Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an una ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 15 | Replies: 0
  • CVE-2021-27372
    Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 15 | Replies: 0
  • CVE-2021-3119
    Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 14 | Replies: 0
  • CVE-2020-23517
    Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 17 | Replies: 0
  • CVE-2021-3027
    app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter beca ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 18 | Replies: 0
  • CVE-2021-3153
    HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:54 | Views: 18 | Replies: 0
