CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-24500

Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：24 | 回复：0
CVE-2020-24501

Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：25 | 回复：0
CVE-2020-24502

Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：29 | 回复：0
CVE-2020-24503

Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：19 | 回复：0
CVE-2020-24504

Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：9 | 回复：0
CVE-2020-24505

Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local acces ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：31 | 回复：0
CVE-2020-7848

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2020-7849

A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：19 | 回复：0
CVE-2020-8678

Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：30 | 回复：0
CVE-2020-8701

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：16 | 回复：0
CVE-2020-8765

Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：19 | 回复：0
CVE-2021-0109

Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2021-22853

The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as userâ€™s login information ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：22 | 回复：0
CVE-2021-22854

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：21 | 回复：0
CVE-2021-22855

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：14 | 回复：0
CVE-2020-12365

Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：28 | 回复：0
CVE-2020-35339

In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：36 | 回复：0
CVE-2020-36002

Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2020-36003

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：15 | 回复：0
CVE-2021-22173

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：11 | 回复：0
CVE-2021-22174

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：10 | 回复：0
CVE-2021-25779

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：15 | 回复：0
CVE-2021-25780

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including P ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：10 | 回复：0
CVE-2021-26559

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when ` ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2021-26697

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2021-26809

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2021-27224

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：15 | 回复：0
CVE-2021-27362

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：19 | 回复：0
CVE-2021-1351

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2021-1366

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：12 | 回复：0
CVE-2021-1372

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2021-1378

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：20 | 回复：0
CVE-2021-1412

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to imp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：33 | 回复：0
CVE-2021-1416

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to imp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：12 | 回复：0
CVE-2020-13550

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：8 | 回复：0
CVE-2020-13551

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2020-13552

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：16 | 回复：0
CVE-2020-13553

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：19 | 回复：0
CVE-2020-13555

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：14 | 回复：0
CVE-2020-25605

Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of clea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：23 | 回复：0