CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-26964

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interfac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：56 | 回复：0
CVE-2021-26965

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：38 | 回复：0
CVE-2021-26966

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：45 | 回复：0
CVE-2021-26967

A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：64 | 回复：0
CVE-2021-26968

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2021-26969

A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML enti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：38 | 回复：0
CVE-2021-26970

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2021-26971

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：40 | 回复：0
CVE-2021-27098

In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible iss ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：42 | 回复：0
CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2021-27099

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the aws_iid Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuanc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2021-28038

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：36 | 回复：0
CVE-2021-28039

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：40 | 回复：0
CVE-2021-28040

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：45 | 回复：0
CVE-2021-26705

An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：31 | 回复：0
CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific fla ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：39 | 回复：0
CVE-2021-27255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：31 | 回复：0
CVE-2021-27256

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：36 | 回复：0
CVE-2021-27257

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：31 | 回复：0
CVE-2020-29020

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：39 | 回复：0
CVE-2020-29028

Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE-2020-29029

Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2020-29030

Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：57 | 回复：0
CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：52 | 回复：0
CVE-2021-3377

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：58 | 回复：0
CVE-2021-3420

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：43 | 回复：0
CVE-2021-28042

Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：60 | 回复：0
CVE-2021-27581

The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：53 | 回复：0
CVE-2021-26814

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit inco ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：40 | 回复：0
CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE-2021-27363

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：47 | 回复：0
CVE-2021-27364

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：58 | 回复：0
CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/share-token?delivery=view URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：48 | 回复：0
CVE-2021-23930

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：68 | 回复：0
CVE-2021-23931

OX App Suite through 7.10.4 allows XSS via an inline binary file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：61 | 回复：0
CVE-2021-23932

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：54 | 回复：0
CVE-2021-23933

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：58 | 回复：0
CVE-2021-23934

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：57 | 回复：0
CVE-2021-23935

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：59 | 回复：0
CVE-2021-23936

OX App Suite through 7.10.4 allows XSS via the subject of a task.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：33 | 回复：0