Vulnerabilities

Subcategories:

  • CVE-2021-38509
    Due to an unusual sequence of attacker-controlled events, a JavaScript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 7 | Replies: 0
  • CVE-2021-38508
    By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 13 | Replies: 0
  • CVE-2021-38507
    The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 11 | Replies: 0
  • CVE-2021-38506
    Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 10 | Replies: 0
  • CVE-2021-38505
    Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 14 | Replies: 0
  • CVE-2021-38504
    When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. T ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 11 | Replies: 0
  • CVE-2021-38503
    The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affec ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 12 | Replies: 0
  • CVE-2021-37941
    A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a m ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 15 | Replies: 0
  • CVE-2021-23862
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVM ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 21 | Replies: 0
  • CVE-2021-23861
    By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 32 | Replies: 0
  • CVE-2021-23860
    An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 17 | Replies: 0
  • CVE-2021-23859
    An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 18 | Replies: 0
  • CVE-2021-21957
    A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilitie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 26 | Replies: 0
  • CVE-2021-21951
    An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 19 | Replies: 0
  • CVE-2021-21950
    An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_respons ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 12 | Replies: 0
  • CVE-2021-36720
    PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=scriptalert(1)/script and stealing cookies.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 19 | Replies: 0
  • CVE-2021-36719
    PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 21 | Replies: 0
  • CVE-2021-36718
    SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensitive data (Employee name, Employee ID number, Work ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 21 | Replies: 0
  • CVE-2021-43978
    Allegro Windows 3.3.4152.0 embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 32 | Replies: 0
  • CVE-2021-43809
    `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 27 | Replies: 0
  • CVE-2021-43399
    The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations re ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 25 | Replies: 0
  • CVE-2021-41025
    Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, including an i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 21 | Replies: 0
  • CVE-2021-41017
    Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 12 | Replies: 0
  • CVE-2021-36195
    Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authentica ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 338 | Replies: 0
  • CVE-2021-36173
    A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 40 | Replies: 0
  • CVE-2020-27416
    Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a user's account.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 29 | Replies: 0
  • CVE-2021-41030
    An authentication bypass by capture-replay vulnerability in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by inter ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 26 | Replies: 0
  • CVE-2021-41021
    A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 16 | Replies: 0
  • CVE-2021-41090
    Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a me ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 22 | Replies: 0
  • CVE-2021-41063
    SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attacker to execute arbitrary commands.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 13 | Replies: 0
  • CVE-2021-41013
    An improper access control vulnerability in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log Report may allow an unauthorized and unauthenticated user to ac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 22 | Replies: 0
  • CVE-2021-3815
    utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 25 | Replies: 0
  • CVE-2021-36188
    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 12 | Replies: 0
  • CVE-2021-27860
    A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 15 | Replies: 0
  • CVE-2021-42110
    An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 19 | Replies: 0
  • CVE-2021-41450
    An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 29 | Replies: 0
  • CVE-2021-42835
    An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in an endpoint via a low-privileged user account) can access the exposed RPC service of the upda ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 17 | Replies: 0
  • CVE-2021-40861
    A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with whi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 14 | Replies: 0
  • CVE-2021-40860
    A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression para ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 16 | Replies: 0
  • CVE-2021-37097
    There is a Code Injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system restart.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:35 | Views: 21 | Replies: 0
