
CVE Vulnerabilities

  • CVE-2021-22638
    Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code exe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 50 | Replies: 0
  • CVE-2021-22662
    A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that ma ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 70 | Replies: 0
  • CVE-2021-22666
    Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 67 | Replies: 0
  • CVE-2021-22670
    An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 77 | Replies: 0
  • CVE-2021-22683
    Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code ex ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 67 | Replies: 0
  • CVE-2021-27927
    In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection me ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 62 | Replies: 0
  • CVE-2020-13558
    A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 63 | Replies: 0
  • CVE-2020-28591
    An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 62 | Replies: 0
  • CVE-2020-28597
    A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 47 | Replies: 0
  • CVE-2020-29047
    The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includ ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 66 | Replies: 0
  • CVE-2020-8296
    Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 76 | Replies: 0
  • CVE-2021-21978
    VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 70 | Replies: 0
  • CVE-2021-22182
    An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 63 | Replies: 0
  • CVE-2021-22188
    An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 68 | Replies: 0
  • CVE-2021-22681
    Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 67 | Replies: 0
  • CVE-2021-22877
    A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 55 | Replies: 0
  • CVE-2021-22878
    Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 68 | Replies: 0
  • CVE-2021-22883
    Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 56 | Replies: 0
  • CVE-2021-22884
    Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an o ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 79 | Replies: 0
  • CVE-2021-27839
    A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 73 | Replies: 0
  • CVE-2021-21312
    GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 61 | Replies: 0
  • CVE-2021-21313
    GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 49 | Replies: 0
  • CVE-2021-21314
    GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is an XSS vulnerabi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 58 | Replies: 0
  • CVE-2021-27931
    LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outco ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 54 | Replies: 0
  • CVE-2021-27935
    An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 56 | Replies: 0
  • CVE-2021-27940
    resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 49 | Replies: 0
  • CVE-2021-21331
    The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 59 | Replies: 0
  • CVE-2019-18628
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to tur ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 58 | Replies: 0
  • CVE-2019-18629
    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary du ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 56 | Replies: 0
  • CVE-2020-24036
    PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 44 | Replies: 0
  • CVE-2020-24912
    A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 57 | Replies: 0
  • CVE-2020-24913
    A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 67 | Replies: 0
  • CVE-2020-24914
    A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable strProfileData and allows an unauthenticated attacker to execute ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 51 | Replies: 0
  • CVE-2021-22183
    An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 49 | Replies: 0
  • CVE-2021-22189
    Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 58 | Replies: 0
  • CVE-2020-35327
    SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 44 | Replies: 0
  • CVE-2020-35328
    Courier Management System 1.0 - 'First Name' Stored XSS……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 57 | Replies: 0
  • CVE-2020-35329
    Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 67 | Replies: 0
  • CVE-2021-23344
    The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 50 | Replies: 0
  • CVE-2021-23346
    This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 66 | Replies: 0
