漏洞 - 第507页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-39065

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Cop ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-39064

IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-F ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-39058

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-39054

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-39053

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-39052

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-38947

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-39198

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-41280

Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple No ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-23433

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protecti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21898

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-44038

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-43555

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-42744

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-42254

BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-36884

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin = 1.1.5 versions.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-26262

Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-26248

Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-22970

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-22969

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-22968

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-22967

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-22966

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted view permissions on the bulkupdate page, then users in that group can escalate to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-22965

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-22951

Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-21900

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-21899

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-41569

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-44037

Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-44036

Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-3962

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-39929

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-39926

Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-39925

Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-39924

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-39923

Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-39922

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-39921

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-29329

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：30 | 回复：0