
CVE Vulnerabilities
  • CVE-2021-22872
    Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in mod ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 23 | Replies: 0
  • CVE-2021-22873
    Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been availa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 27 | Replies: 0
  • CVE-2021-25863
    Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 38 | Replies: 0
  • CVE-2021-25864
    node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 48 | Replies: 0
  • CVE-2021-25900
    An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 38 | Replies: 0
  • CVE-2021-25901
    An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 43 | Replies: 0
  • CVE-2021-25902
    An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 41 | Replies: 0
  • CVE-2021-25903
    An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 39 | Replies: 0
  • CVE-2021-25904
    An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 186 | Replies: 0
  • CVE-2021-25905
    An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 34 | Replies: 0
  • CVE-2021-25906
    An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 34 | Replies: 0
  • CVE-2021-25907
    An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 309 | Replies: 0
  • CVE-2021-25908
    An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. FromEventList can lead to a double free.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 31 | Replies: 0
  • CVE-2021-26025
    PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 26 | Replies: 0
  • CVE-2021-26026
    PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 23 | Replies: 0
  • CVE-2021-26266
    cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 25 | Replies: 0
  • CVE-2021-26267
    cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 29 | Replies: 0
  • CVE-2021-3114
    In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 29 | Replies: 0
  • CVE-2021-3115
    Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch modules that make use of cgo (for example, cgo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 26 | Replies: 0
  • CVE-2021-3152
    ** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 140 | Replies: 0
  • CVE-2021-3164
    ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to reso ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 31 | Replies: 0
  • CVE-2021-3185
    A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly cod ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 32 | Replies: 0
  • CVE-2021-3186
    A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 30 | Replies: 0
  • CVE-2021-3188
    phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 33 | Replies: 0
  • CVE-2021-3190
    The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 24 | Replies: 0
  • CVE-2021-3193
    Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 41 | Replies: 0
  • CVE-2021-3195
    ** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does no ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 30 | Replies: 0
  • CVE-2021-3199
    Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 47 | Replies: 0
  • CVE-2021-3223
    Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 32 | Replies: 0
  • CVE-2021-3278
    Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection. Using this vulnerability, an attacker can bypass the login page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 28 | Replies: 0
  • CVE-2021-3285
    jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 24 | Replies: 0
  • CVE-2021-3286
    SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 23 | Replies: 0
  • CVE-2021-3291
    Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:52 | Views: 24 | Replies: 0
  • CVE-2021-28160
    Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page (Repeater Wizard homepage ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 36 | Replies: 0
  • CVE-2019-14851
    A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affecte ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2019-14852
    A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 28 | Replies: 0
  • CVE-2020-26797
    Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2020-26886
    Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 22 | Replies: 0
  • CVE-2020-36144
    Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 20 | Replies: 0
  • CVE-2020-9367
    The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
