漏洞 - 第100页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are control ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri pa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-4156

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an applicati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-4150

A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue resu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-4149

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-4148

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：86 | 回复：0
CVE漏洞

CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：103 | 回复：0
CVE漏洞

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：332 | 回复：0
CVE漏洞

CVE-2021-3589

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：100 | 回复：0
CVE漏洞

CVE-2021-27476

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-27475

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-27474

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-27473

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-27472

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-27471

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-27470

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-27468

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated att ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-27466

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-27464

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-27462

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-27460

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-27456

Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-27430

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-26243

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-38772

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-38278

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-46064

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-22316

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-44139

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-43737

An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-23242

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-43738

An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-43736

CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-43735

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：29 | 回复：0