CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27171

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：36 | 回复：0
CVE-2021-27172

An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：26 | 回复：0
CVE-2021-27173

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：29 | 回复：0
CVE-2021-27174

An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：39 | 回复：0
CVE-2021-27175

An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：25 | 回复：0
CVE-2021-27176

An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：29 | 回复：0
CVE-2021-27177

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：55 | 回复：0
CVE-2021-27178

An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：20 | 回复：0
CVE-2021-27179

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：22 | 回复：0
CVE-2020-13548

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：39 | 回复：0
CVE-2020-13565

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：28 | 回复：0
CVE-2020-13574

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：25 | 回复：0
CVE-2020-13575

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：25 | 回复：0
CVE-2020-13576

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：37 | 回复：0
CVE-2020-13577

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：37 | 回复：0
CVE-2020-13578

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：36 | 回复：0
CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：24 | 回复：0
CVE-2021-21296

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in den ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：33 | 回复：0
CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：38 | 回复：0
CVE-2020-13561

An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to tr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：50 | 回复：0
CVE-2020-13571

An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provid ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：29 | 回复：0
CVE-2020-13572

A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can resu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：33 | 回复：0
CVE-2020-13581

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：40 | 回复：0
CVE-2020-13583

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：19 | 回复：0
CVE-2020-13585

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provid ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：29 | 回复：0
CVE-2020-24842

PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：37 | 回复：0
CVE-2020-27250

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized bu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：24 | 回复：0
CVE-2020-28595

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：30 | 回复：0
CVE-2020-28596

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：27 | 回复：0
CVE-2021-25251

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：43 | 回复：0
CVE-2021-27185

The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：30 | 回复：0
CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：31 | 回复：0
CVE-2020-27870

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：25 | 回复：0
CVE-2020-27871

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：30 | 回复：0
CVE-2020-27874

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：21 | 回复：0
CVE-2021-20335

For MongoDB Ops Manager = 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager = 4.4.12 triggers a bug where Automation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：26 | 回复：0
CVE-2021-23334

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：21 | 回复：0
CVE-2021-23335

All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：29 | 回复：0
CVE-2020-8031

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not prop ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：24 | 回复：0
CVE-2020-8027

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：32 | 回复：0