CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-35559

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：25 | 回复：0
CVE-2020-35560

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：21 | 回复：0
CVE-2020-35561

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE-2020-35563

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE-2020-35564

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：14 | 回复：0
CVE-2020-35565

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：18 | 回复：0
CVE-2020-35566

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：15 | 回复：0
CVE-2020-35567

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：13 | 回复：0
CVE-2020-35568

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public informat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：19 | 回复：0
CVE-2020-35569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE-2020-35570

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：21 | 回复：0
CVE-2021-20986

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic commun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：8 | 回复：0
CVE-2021-20987

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recov ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：47 | 回复：0
CVE-2021-21315

The System Information Library for Node.JS (npm package systeminformation) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation befo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rol ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：41 | 回复：0
CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an intege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：32 | 回复：0
CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：25 | 回复：0
CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE-2021-21317

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：21 | 回复：0
CVE-2021-27237

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：30 | 回复：0
CVE-2020-11635

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：26 | 回复：0
CVE-2020-28918

DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an unknown username error message.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：37 | 回复：0
CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：17 | 回复：0
CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：23 | 回复：0
CVE-2021-20067

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：15 | 回复：0
CVE-2021-20068

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：9 | 回复：0
CVE-2021-20069

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：24 | 回复：0
CVE-2021-20070

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：13 | 回复：0
CVE-2021-20071

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：26 | 回复：0
CVE-2021-20072

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE-2021-20073

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：15 | 回复：0
CVE-2021-20074

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：22 | 回复：0
CVE-2021-20075

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：17 | 回复：0
CVE-2021-27203

In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE-2021-27101

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：23 | 回复：0
CVE-2021-27102

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：34 | 回复：0
CVE-2021-27103

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：25 | 回复：0
CVE-2021-27104

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：36 | 回复：0
CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, err ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：23 | 回复：0
CVE-2021-26931

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：34 | 回复：0