CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-24085

Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：40 | 回复：0
CVE-2021-24086

Windows TCP/IP Denial of Service Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：27 | 回复：0
CVE-2021-24087

Azure IoT CLI extension Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：36 | 回复：0
CVE-2021-24088

Windows Local Spooler Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：27 | 回复：0
CVE-2021-24091

Windows Camera Codec Pack Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：27 | 回复：0
CVE-2021-24092

Microsoft Defender Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：24 | 回复：0
CVE-2021-24093

Windows Graphics Component Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：22 | 回复：0
CVE-2021-24094

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：19 | 回复：0
CVE-2021-24096

Windows Kernel Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：20 | 回复：0
CVE-2021-24098

Windows Console Driver Denial of Service Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：32 | 回复：0
CVE-2021-24099

Skype for Business and Lync Denial of Service Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：18 | 回复：0
CVE-2021-24100

Microsoft Edge for Android Information Disclosure Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：15 | 回复：0
CVE-2021-24101

Microsoft Dataverse Information Disclosure Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：19 | 回复：0
CVE-2021-27695

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any Add sections, such as Add Card Building Floor, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：41 | 回复：0
CVE-2021-27817

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE-2021-27889

Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE-2020-24982

An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：24 | 回复：0
CVE-2020-24985

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retriev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE-2020-28149

myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：39 | 回复：0
CVE-2020-29555

The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：45 | 回复：0
CVE-2020-29556

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：45 | 回复：0
CVE-2021-20286

A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：44 | 回复：0
CVE-2021-27890

SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE-2021-27947

SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：50 | 回复：0
CVE-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：61 | 回复：0
CVE-2021-27949

Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：51 | 回复：0
CVE-2021-28363

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn&#39 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE-2020-29553

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：66 | 回复：0
CVE-2021-23879

Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：57 | 回复：0
CVE-2021-3150

A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE-2020-27278

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE-2020-27282

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE-2020-27290

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's log ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE-2021-20279

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE-2021-20280

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：59 | 回复：0
CVE-2021-20281

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE-2021-20282

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE-2021-20283

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0