CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27204

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：29 | 回复：0
CVE-2021-27205

Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：39 | 回复：0
CVE-2021-27197

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or fr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：38 | 回复：0
CVE-2021-20406

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：32 | 回复：0
CVE-2021-20407

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：32 | 回复：0
CVE-2021-20408

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：47 | 回复：0
CVE-2021-20409

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：34 | 回复：0
CVE-2021-20410

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：28 | 回复：0
CVE-2021-20411

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：24 | 回复：0
CVE-2021-20412

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：27 | 回复：0
CVE-2021-22973

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds mem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：27 | 回复：0
CVE-2021-22974

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iCon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：26 | 回复：0
CVE-2021-22975

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while pass ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：16 | 回复：0
CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：35 | 回复：0
CVE-2021-22979

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：32 | 回复：0
CVE-2021-22980

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：35 | 回复：0
CVE-2021-22981

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in R ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：35 | 回复：0
CVE-2021-22982

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software ve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：26 | 回复：0
CVE-2021-22983

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：29 | 回复：0
CVE-2021-22985

On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perfo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：26 | 回复：0
CVE-2013-20001

An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：22 | 回复：0
CVE-2021-25315

A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：69 | 回复：0
CVE-2020-15937

An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：61 | 回复：0
CVE-2020-35296

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：48 | 回复：0
CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：47 | 回复：0
CVE-2021-26813

markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or dela ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：37 | 回复：0
CVE-2021-27215

An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to pe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：42 | 回复：0
CVE-2021-3419

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：42 | 回复：0
CVE-2020-13554

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：51 | 回复：0
CVE-2020-14372

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：63 | 回复：0
CVE-2020-25632

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leadi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：59 | 回复：0
CVE-2020-25647

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：50 | 回复：0
CVE-2020-27749

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：46 | 回复：0
CVE-2020-27779

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：54 | 回复：0
CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：81 | 回复：0
CVE-2021-20225

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：62 | 回复：0
CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：72 | 回复：0
CVE-2021-20441

IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：55 | 回复：0
CVE-2021-20442

IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：54 | 回复：0
CVE-2021-21979

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：55 | 回复：0