CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：24 | 回复：0
CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：28 | 回复：0
CVE-2021-27209

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：16 | 回复：0
CVE-2021-27210

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via 0,0 to the /cgi?15 URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：16 | 回复：0
CVE-2021-27212

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2019-25019

LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：25 | 回复：0
CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaSc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：27 | 回复：0
CVE-2021-27213

config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2020-36234

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2020-36235

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile si ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：18 | 回复：0
CVE-2020-36236

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：26 | 回复：0
CVE-2020-36237

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFiel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：19 | 回复：0
CVE-2020-29451

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The af ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：41 | 回复：0
CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid U ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：18 | 回复：0
CVE-2021-21702

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a respon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：23 | 回复：0
CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：20 | 回复：0
CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：21 | 回复：0
CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：26 | 回复：0
CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：38 | 回复：0
CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：39 | 回复：0
CVE-2021-25298

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitizat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：26 | 回复：0
CVE-2021-25299

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：35 | 回复：0
CVE-2020-35775

CITSmart before 9.1.2.23 allows LDAP Injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：40 | 回复：0
CVE-2020-4954

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：40 | 回复：0
CVE-2020-4955

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet req ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2020-4956

IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2020-29026

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2020-29031

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：24 | 回复：0
CVE-2021-23338

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：24 | 回复：0
CVE-2020-35512

A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and older branches = 1.10.30 when a system has multiple usernames sharing th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：22 | 回复：0
CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated mod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：18 | 回复：0
CVE-2021-27219

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：15 | 回复：0
CVE-2020-22425

Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：31 | 回复：0
CVE-2020-22427

** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes wh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：27 | 回复：0
CVE-2020-24899

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：23 | 回复：0
CVE-2021-3375

ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：26 | 回复：0
CVE-2021-27201

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：36 | 回复：0
CVE-2021-27211

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：27 | 回复：0
CVE-2020-28337

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：30 | 回复：0
CVE-2020-29142

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：31 | 回复：0