漏洞 - 第546页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-40120

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-40119

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-40115

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-40113

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-40112

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-34795

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-34784

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-34774

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-34773

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-34741

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-34739

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-34731

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected syste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-34701

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-1500

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-42624

A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE漏洞

CVE-2020-25368

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：78 | 回复：0
CVE漏洞

CVE-2020-25366

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：80 | 回复：0
CVE漏洞

CVE-2021-34597

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：77 | 回复：0
CVE漏洞

CVE-2021-34594

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-25367

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-41562

A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-43339

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be create ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-43338

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-43032

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-42772

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-41492

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-38488

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-38428

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API sch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-38424

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-38422

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：77 | 回复：0
CVE漏洞

CVE-2021-38420

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-38418

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：72 | 回复：0
CVE漏洞

CVE-2021-38416

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-38411

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-38407

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API dev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-38403

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：86 | 回复：0
CVE漏洞

CVE-2021-35053

Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the syste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-33800

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE漏洞

CVE-2020-6931

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：56 | 回复：0