CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-29072

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：41 | 回复：0
CVE-2021-29073

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：38 | 回复：0
CVE-2021-29074

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：44 | 回复：0
CVE-2021-29075

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：38 | 回复：0
CVE-2021-29076

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：44 | 回复：0
CVE-2021-29077

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RB ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：45 | 回复：0
CVE-2021-29078

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：39 | 回复：0
CVE-2021-29079

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：27 | 回复：0
CVE-2021-29080

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：27 | 回复：0
CVE-2021-29081

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：31 | 回复：0
CVE-2021-29082

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：28 | 回复：0
CVE-2020-28503

The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：33 | 回复：0
CVE-2021-23361

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：17 | 回复：0
CVE-2021-27309

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via module parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：30 | 回复：0
CVE-2021-27310

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via language parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：29 | 回复：0
CVE-2021-27526

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the page parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：27 | 回复：0
CVE-2021-27527

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the valueID parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：41 | 回复：0
CVE-2021-27528

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the refID parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：29 | 回复：0
CVE-2021-27529

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the limit parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：20 | 回复：0
CVE-2021-27530

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：21 | 回复：0
CVE-2021-27531

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the query parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：22 | 回复：0
CVE-2021-27969

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder width parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：40 | 回复：0
CVE-2020-7346

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0
CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：34 | 回复：0
CVE-2021-21377

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：26 | 回复：0
CVE-2020-12483

The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：38 | 回复：0
CVE-2021-20219

A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：22 | 回复：0
CVE-2021-20222

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：20 | 回复：0
CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of servi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：33 | 回复：0
CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：15 | 回复：0
CVE-2021-23274

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：30 | 回复：0
CVE-2021-23362

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：35 | 回复：0
CVE-2021-21401

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` cal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0
CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：28 | 回复：0
CVE-2020-24994

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：28 | 回复：0
CVE-2021-21402

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0
CVE-2021-27908

In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the fr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：38 | 回复：0
CVE-2021-3392

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：29 | 回复：0
CVE-2019-19343

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to deni ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：28 | 回复：0
CVE-2021-28099

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：21 | 回复：0