Vulnerabilities

Subcategories:

  • CVE-2020-25082
    An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDS ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 16 | Replies: 0
  • CVE-2020-23172
    A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 16 | Replies: 0
  • CVE-2020-23171
    A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafte ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 19 | Replies: 0
  • CVE-2021-38373
    In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless Server requires authentication is checked.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 16 | Replies: 0
  • CVE-2021-38372
    In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 11 | Replies: 0
  • CVE-2021-38371
    The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 15 | Replies: 0
  • CVE-2021-38370
    In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 29 | Replies: 0
  • CVE-2021-36601
    GetSimpleCMS 3.3.16 contains a cross-site scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: siteURL parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 22 | Replies: 0
  • CVE-2021-33707
    SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compr ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 30 | Replies: 0
  • CVE-2021-33706
    Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 31 | Replies: 0
  • CVE-2021-33703
    Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 22 | Replies: 0
  • CVE-2021-33702
    Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 14 | Replies: 0
  • CVE-2021-33699
    Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 20 | Replies: 0
  • CVE-2021-32943
    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, Web ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 14 | Replies: 0
  • CVE-2021-22676
    UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session t ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 14 | Replies: 0
  • CVE-2021-38365
    Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a Glowworm ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 21 | Replies: 0
  • CVE-2021-37152
    Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Ma ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 17 | Replies: 0
  • CVE-2021-29739
    IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 25 | Replies: 0
  • CVE-2021-22674
    The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions pri ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 19 | Replies: 0
  • CVE-2021-22386
    A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 19 | Replies: 0
  • CVE-2021-22385
    A component of the Huawei smartphone has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 16 | Replies: 0
  • CVE-2021-31655
    Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter in a GET request in view.cgi.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 11 | Replies: 0
  • CVE-2021-3689
    yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 16 | Replies: 0
  • CVE-2021-37180
    A vulnerability has been identified in Solid Edge SE2021 (All Versions SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bo ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 7 | Replies: 0
  • CVE-2021-37179
    A vulnerability has been identified in Solid Edge SE2021 (All Versions SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 10 | Replies: 0
  • CVE-2021-37178
    A vulnerability has been identified in Solid Edge SE2021 (All Versions SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 6 | Replies: 0
  • CVE-2021-37172
    A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 5 | Replies: 0
  • CVE-2021-33738
    A vulnerability has been identified in JT2Go (All versions V13.2.0.2), Teamcenter Visualization (All versions V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper vali ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 5 | Replies: 0
  • CVE-2021-33721
    A vulnerability has been identified in SINEC NMS (All versions V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 6 | Replies: 0
  • CVE-2021-33717
    A vulnerability has been identified in JT2Go (All versions V13.2.0.1), Teamcenter Visualization (All versions V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer dereference condition ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 20 | Replies: 0
  • CVE-2021-25659
    A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp o ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 11 | Replies: 0
  • CVE-2020-28397
    A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions V21.9), SIMATIC S7 ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 12 | Replies: 0
  • CVE-2021-21501
    Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServiceCenter 1.x.x versions and fixed in 2.0.0.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 14 | Replies: 0
  • CVE-2020-23151
    rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 11 | Replies: 0
  • CVE-2020-23150
    A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 11 | Replies: 0
  • CVE-2020-23149
    The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 9 | Replies: 0
  • CVE-2020-23148
    The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 15 | Replies: 0
  • CVE-2021-38311
    In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT o ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 26 | Replies: 0
  • CVE-2020-24742
    An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 16 | Replies: 0
  • CVE-2020-24741
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should ref ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:28 | Views: 17 | Replies: 0
