CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-28346

ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：23 | 回复：0
CVE-2021-28246

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：19 | 回复：0
CVE-2021-28247

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：29 | 回复：0
CVE-2021-28248

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary nu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE-2021-28249

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the eh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：21 | 回复：0
CVE-2021-28250

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the run ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2021-20677

UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：19 | 回复：0
CVE-2021-20681

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：20 | 回复：0
CVE-2021-20682

baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2021-20683

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：20 | 回复：0
CVE-2021-23888

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：17 | 回复：0
CVE-2021-23889

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：17 | 回复：0
CVE-2021-23890

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：15 | 回复：0
CVE-2021-3275

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W99 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：16 | 回复：0
CVE-2020-25840

Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：26 | 回复：0
CVE-2021-22506

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：20 | 回复：0
CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：28 | 回复：0
CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2020-35856

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：28 | 回复：0
CVE-2021-3109

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：19 | 回复：0
CVE-2020-27829

A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：11 | 回复：0
CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：17 | 回复：0
CVE-2020-35518

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：11 | 回复：0
CVE-2021-1626

MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：23 | 回复：0
CVE-2021-1627

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：43 | 回复：0
CVE-2021-1628

MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：20 | 回复：0
CVE-2021-1629

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：35 | 回复：0
CVE-2021-20193

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：30 | 回复：0
CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (pres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signatu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：201 | 回复：0
CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：75 | 回复：0
CVE-2021-20285

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：35 | 回复：0
CVE-2021-20289

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：21 | 回复：0
CVE-2020-28695

Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code executi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：29 | 回复：0
CVE-2021-21403

In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：24 | 回复：0
CVE-2021-29255

MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE-2021-22886

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：32 | 回复：0
CVE-2021-25369

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE-2021-25370

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：35 | 回复：0
CVE-2021-25371

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：25 | 回复：0