
CVE Vulnerabilities

  • CVE-2021-27329
    Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 25 | Replies: 0
  • CVE-2021-27335
    KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 13 | Replies: 0
  • CVE-2021-3271
    PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 12 | Replies: 0
  • CVE-2020-35591
    Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 12 | Replies: 0
  • CVE-2020-35592
    Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and ac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 20 | Replies: 0
  • CVE-2020-35776
    A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 20 | Replies: 0
  • CVE-2020-36233
    The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileg ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 27 | Replies: 0
  • CVE-2021-26717
    An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remot ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 32 | Replies: 0
  • CVE-2021-26906
    An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 17 | Replies: 0
  • CVE-2021-26712
    Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 17 | Replies: 0
  • CVE-2021-26747
    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 33 | Replies: 0
  • CVE-2020-19513
    Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 21 | Replies: 0
  • CVE-2019-25024
    OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 9 | Replies: 0
  • CVE-2021-27403
    Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 11 | Replies: 0
  • CVE-2021-27404
    Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 12 | Replies: 0
  • CVE-2020-36246
    Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 22 | Replies: 0
  • CVE-2021-26746
    Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 19 | Replies: 0
  • CVE-2021-27405
    A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 17 | Replies: 0
  • CVE-2020-24908
    Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 20 | Replies: 0
  • CVE-2020-36247
    Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 20 | Replies: 0
  • CVE-2020-10252
    An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (ak ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 17 | Replies: 0
  • CVE-2020-10254
    An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 17 | Replies: 0
  • CVE-2020-36249
    The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 18 | Replies: 0
  • CVE-2020-36250
    In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 18 | Replies: 0
  • CVE-2020-36251
    ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 27 | Replies: 0
  • CVE-2020-36252
    ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 19 | Replies: 0
  • CVE-2020-36248
    The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 14 | Replies: 0
  • CVE-2021-3339
    ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 19 | Replies: 0
  • CVE-2021-26296
    In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site reques ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 24 | Replies: 0
  • CVE-2021-3204
    SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 12 | Replies: 0
  • CVE-2021-3210
    components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaSc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 18 | Replies: 0
  • CVE-2020-12374
    Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege vi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 12 | Replies: 0
  • CVE-2021-22701
    A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 33 | Replies: 0
  • CVE-2021-22702
    A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notificat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 11 | Replies: 0
  • CVE-2021-22703
    A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affect ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 6 | Replies: 0
  • CVE-2020-13549
    An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 9 | Replies: 0
  • CVE-2021-21512
    Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulne ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 10 | Replies: 0
  • CVE-2021-23342
    This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 9 | Replies: 0
  • CVE-2020-25171
    The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 12 | Replies: 0
  • CVE-2020-9050
    Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 23 | Replies: 0
