
CVE Vulnerabilities

  • CVE-2020-25855
    The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, result ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 74 | Replies: 0
  • CVE-2020-25856
    The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operatio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 60 | Replies: 0
  • CVE-2020-25857
    The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() ope ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 50 | Replies: 0
  • CVE-2020-8294
    A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 74 | Replies: 0
  • CVE-2021-25274
    The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated client ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 81 | Replies: 0
  • CVE-2021-25275
    SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 74 | Replies: 0
  • CVE-2021-25276
    In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 55 | Replies: 0
  • CVE-2019-16268
    Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 68 | Replies: 0
  • CVE-2020-18723
    Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially mal ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 57 | Replies: 0
  • CVE-2020-18724
    Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while opening ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 73 | Replies: 0
  • CVE-2020-8588
    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 77 | Replies: 0
  • CVE-2020-8589
    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 57 | Replies: 0
  • CVE-2021-23331
    This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like sys ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 59 | Replies: 0
  • CVE-2020-9388
    CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in an HTML dashboard tile via a crafted HTML page, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 55 | Replies: 0
  • CVE-2020-9389
    A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess a valid username due to a diff ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 73 | Replies: 0
  • CVE-2020-9390
    SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in an iframe or by uploading an SVG that contained a script.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 64 | Replies: 0
  • CVE-2021-26023
    The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 72 | Replies: 0
  • CVE-2021-26024
    The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 71 | Replies: 0
  • CVE-2021-3401
    Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated b ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 61 | Replies: 0
  • CVE-2021-20016
    A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information. Th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 85 | Replies: 0
  • CVE-2021-26687
    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (Februar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 82 | Replies: 0
  • CVE-2021-26688
    An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 52 | Replies: 0
  • CVE-2021-26689
    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 77 | Replies: 0
  • CVE-2020-13579
    An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the docum ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 74 | Replies: 0
  • CVE-2020-13580
    An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 82 | Replies: 0
  • CVE-2020-13586
    A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 62 | Replies: 0
  • CVE-2020-14245
    HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 63 | Replies: 0
  • CVE-2020-14246
    HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 61 | Replies: 0
  • CVE-2020-14247
    HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 61 | Replies: 0
  • CVE-2020-27247
    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 56 | Replies: 0
  • CVE-2020-27248
    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 62 | Replies: 0
  • CVE-2020-27249
    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 53 | Replies: 0
  • CVE-2020-6088
    An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 74 | Replies: 0
  • CVE-2020-16194
    An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 75 | Replies: 0
  • CVE-2020-28449
    This affects all versions of package decal. The vulnerability is in the set function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 66 | Replies: 0
  • CVE-2020-28450
    This affects all versions of package decal. The vulnerability is in the extend function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 63 | Replies: 0
  • CVE-2020-27872
    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerab ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 49 | Replies: 0
  • CVE-2020-27873
    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 62 | Replies: 0
  • CVE-2020-4640
    Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 70 | Replies: 0
  • CVE-2020-4825
    IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:37 | Views: 46 | Replies: 0
