CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-25136

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL58 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE-2021-25137

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL58 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE-2021-25138

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL58 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：53 | 回复：0
CVE-2020-29557

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：30 | 回复：0
CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：15 | 回复：0
CVE-2021-21254

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of servi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE-2020-14418

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：31 | 回复：0
CVE-2020-15690

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：32 | 回复：0
CVE-2020-17380

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() ro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2021-23329

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：55 | 回复：0
CVE-2020-13856

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：28 | 回复：0
CVE-2020-13857

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：53 | 回复：0
CVE-2020-13858

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：24 | 回复：0
CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：50 | 回复：0
CVE-2020-15832

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE-2020-15833

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：44 | 回复：0
CVE-2020-15834

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：38 | 回复：0
CVE-2020-15835

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE-2020-15836

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE-2020-26547

Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：34 | 回复：0
CVE-2021-3348

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O reque ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：33 | 回复：0
CVE-2020-13606

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE-2020-13607

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：43 | 回复：0
CVE-2020-13608

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE-2020-13609

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：40 | 回复：0
CVE-2020-13610

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE-2020-13611

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：24 | 回复：0
CVE-2020-13612

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE-2021-21380

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE-2021-28967

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE-2021-29025

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：26 | 回复：0
CVE-2021-29026

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE-2021-29027

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：46 | 回复：0
CVE-2021-29028

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：27 | 回复：0
CVE-2021-29029

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：34 | 回复：0
CVE-2021-29030

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE-2021-29031

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0