CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27730

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：61 | 回复：0
CVE-2021-21320

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：73 | 回复：0
CVE-2021-21321

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is poss ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：67 | 回复：0
CVE-2021-21322

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：50 | 回复：0
CVE-2021-27901

An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illuminati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：56 | 回复：0
CVE-2021-27904

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the all org flag sometimes provided view access to unintended actors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：62 | 回复：0
CVE-2020-1936

A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：56 | 回复：0
CVE-2020-25902

** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：66 | 回复：0
CVE-2021-21513

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：94 | 回复：0
CVE-2021-21514

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：79 | 回复：0
CVE-2020-23518

Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：80 | 回复：0
CVE-2020-4719

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：76 | 回复：0
CVE-2020-4725

IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：76 | 回复：0
CVE-2020-4726

The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：64 | 回复：0
CVE-2021-25330

Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：70 | 回复：0
CVE-2021-3384

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：45 | 回复：0
CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：77 | 回复：0
CVE-2021-22187

An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：76 | 回复：0
CVE-2021-22294

A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：68 | 回复：0
CVE-2021-22296

A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：66 | 回复：0
CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：68 | 回复：0
CVE-2021-21255

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch enti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：60 | 回复：0
CVE-2021-21258

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：71 | 回复：0
CVE-2020-12527

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：42 | 回复：0
CVE-2020-12528

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：39 | 回复：0
CVE-2020-12529

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：41 | 回复：0
CVE-2020-12530

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a ge ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：41 | 回复：0
CVE-2021-26412

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：54 | 回复：0
CVE-2021-26854

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：65 | 回复：0
CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：52 | 回复：0
CVE-2021-26857

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：47 | 回复：0
CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：53 | 回复：0
CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：42 | 回复：0
CVE-2021-27078

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：53 | 回复：0
CVE-2021-21352

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：56 | 回复：0
CVE-2021-21353

Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：565 | 回复：0
CVE-2020-10519

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：49 | 回复：0
CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：60 | 回复：0
CVE-2021-22862

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：68 | 回复：0
CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：55 | 回复：0