CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-22653

Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code executio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：27 | 回复：0
CVE-2021-22655

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：37 | 回复：0
CVE-2021-26276

** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE-2021-3326

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE-2021-3331

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE-2020-0237

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE-2021-26067

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp dire ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：44 | 回复：0
CVE-2020-25782

An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：46 | 回复：0
CVE-2020-25783

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetC ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：42 | 回复：0
CVE-2020-25784

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE-2020-25785

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE-2020-35124

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：31 | 回复：0
CVE-2021-3142

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 ins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：31 | 回复：0
CVE-2020-5626

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：37 | 回复：0
CVE-2021-20620

Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：38 | 回复：0
CVE-2021-20621

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：44 | 回复：0
CVE-2021-20622

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：43 | 回复：0
CVE-2020-13569

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：42 | 回复：0
CVE-2020-4682

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE-2020-4888

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE-2021-22874

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE-2021-22875

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：48 | 回复：0
CVE-2020-26272

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：51 | 回复：0
CVE-2021-20183

It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：77 | 回复：0
CVE-2021-20184

It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：45 | 回复：0
CVE-2021-20186

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：63 | 回复：0
CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：33 | 回复：0
CVE-2021-25647

Mobile application Testes de Codigo v11.3 and prior allows stored XSS by injecting a payload in the feedback message field causing it to be stored in the remote database and leading to its execution o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：41 | 回复：0
CVE-2020-1723

The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mob ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：44 | 回复：0
CVE-2020-1725

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：44 | 回复：0
CVE-2020-35517

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared dir ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：40 | 回复：0
CVE-2020-35754

OpenSolution Quick.CMS 6.7 and Quick.Cart 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE-2020-36115

Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE-2021-20185

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of servi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：34 | 回复：0
CVE-2021-3160

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：34 | 回复：0
CVE-2021-3337

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：62 | 回复：0
CVE-2020-8585

OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：57 | 回复：0
CVE-2020-9212

There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：37 | 回复：0
CVE-2020-9213

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：27 | 回复：0