CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-25282

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：48 | 回复：0
CVE-2021-25283

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：40 | 回复：0
CVE-2021-25284

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：38 | 回复：0
CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：40 | 回复：0
CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：39 | 回复：0
CVE-2021-3151

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：44 | 回复：0
CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an AP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：47 | 回复：0
CVE-2021-27132

SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：74 | 回复：0
CVE-2021-27225

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：102 | 回复：0
CVE-2021-20629

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：39 | 回复：0
CVE-2021-20630

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：29 | 回复：0
CVE-2021-20631

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：42 | 回复：0
CVE-2021-20632

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：31 | 回复：0
CVE-2021-20633

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：34 | 回复：0
CVE-2021-20634

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：38 | 回复：0
CVE-2021-20675

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：35 | 回复：0
CVE-2021-20676

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：46 | 回复：0
CVE-2021-20678

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：35 | 回复：0
CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an atte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：37 | 回复：0
CVE-2021-28681

Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：27 | 回复：0
CVE-2021-22848

HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：23 | 回复：0
CVE-2021-3141

In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and chan ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：31 | 回复：0
CVE-2021-28417

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the search_name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：38 | 回复：0
CVE-2021-28418

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the category parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE-2021-28419

The order_col parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE-2021-28420

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the from_time parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：38 | 回复：0
CVE-2021-23359

This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE-2021-26236

FastStone Image Viewer v.= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format fiel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：21 | 回复：0
CVE-2021-21623

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：31 | 回复：0
CVE-2021-21624

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：33 | 回复：0
CVE-2021-21625

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate creden ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：40 | 回复：0
CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Wor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：32 | 回复：0
CVE-2021-21627

A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：23 | 回复：0
CVE-2021-26233

FastStone Image Viewer = 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. At ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：33 | 回复：0
CVE-2021-26234

FastStone Image Viewer = 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：41 | 回复：0
CVE-2021-26235

FastStone Image Viewer = 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. At ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：36 | 回复：0
CVE-2021-26237

FastStone Image Viewer = 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：36 | 回复：0
CVE-2021-28133

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：32 | 回复：0
CVE-2021-24123

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privileg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：44 | 回复：0
CVE-2021-24124

Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：52 | 回复：0