
CVE Vulnerabilities

  • CVE-2020-8029
    An Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kubelet key. This issue affects: SUSE CaaS Platform ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 27 | Replies: 0
  • CVE-2020-8030
    An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitra ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 30 | Replies: 0
  • CVE-2020-4768
    IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 33 | Replies: 0
  • CVE-2021-20402
    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 25 | Replies: 0
  • CVE-2021-20403
    IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 19 | Replies: 0
  • CVE-2021-20404
    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 19 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 26 | Replies: 0
  • CVE-2021-20405
    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 24 | Replies: 0
  • CVE-2020-10734
    A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Appl ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 22 | Replies: 0
  • CVE-2020-13185
    Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 28 | Replies: 0
  • CVE-2020-13186
    An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 31 | Replies: 0
  • CVE-2020-1717
    A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 42 | Replies: 0
  • CVE-2020-25493
    Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 36 | Replies: 0
  • CVE-2020-35498
    A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 28 | Replies: 0
  • CVE-2021-20188
    A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the co ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 31 | Replies: 0
  • CVE-2021-21299
    hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 30 | Replies: 0
  • CVE-2021-21301
    Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 33 | Replies: 0
  • CVE-2021-22652
    Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 34 | Replies: 0
  • CVE-2021-22654
    Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 49 | Replies: 0
  • CVE-2021-22656
    Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 40 | Replies: 0
  • CVE-2021-22658
    Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 28 | Replies: 0
  • CVE-2021-22880
    The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validati ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 44 | Replies: 0
  • CVE-2021-22881
    The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain allowed host formats ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 31 | Replies: 0
  • CVE-2021-25688
    Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the applicat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 53 | Replies: 0
  • CVE-2021-25689
    An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 36 | Replies: 0
  • CVE-2021-25690
    A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 35 | Replies: 0
  • CVE-2021-27184
    Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 35 | Replies: 0
  • CVE-2021-27191
    The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resou ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 30 | Replies: 0
  • CVE-2021-21307
    Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauth ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 45 | Replies: 0
  • CVE-2021-21015
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 48 | Replies: 0
  • CVE-2021-21016
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 30 | Replies: 0
  • CVE-2021-21017
    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthent ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 49 | Replies: 0
  • CVE-2021-21018
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to ar ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 24 | Replies: 0
  • CVE-2021-21019
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code executi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 28 | Replies: 0
  • CVE-2021-21020
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 32 | Replies: 0
  • CVE-2021-21021
    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 20 | Replies: 0
  • CVE-2021-21022
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 30 | Replies: 0
  • CVE-2021-21023
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 25 | Replies: 0
  • CVE-2021-21024
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to una ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 39 | Replies: 0
  • CVE-2021-21025
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 41 | Replies: 0
  • CVE-2021-21026
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:41 | Views: 27 | Replies: 0
