
Vulnerabilities

Subcategories:

  • CVE-2021-31503
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 19 | Replies: 0
  • CVE-2021-21581
    Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 6 | Replies: 0
  • CVE-2021-21580
    Dell EMC iDRAC8 versions prior to 2.80.80.80 Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized me ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 28 | Replies: 0
  • CVE-2021-21579
    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by trickin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 16 | Replies: 0
  • CVE-2021-21578
    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by trickin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 11 | Replies: 0
  • CVE-2021-21577
    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 21 | Replies: 0
  • CVE-2021-21576
    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 13 | Replies: 0
  • CVE-2021-36157
    An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 16 | Replies: 0
  • CVE-2021-36156
    An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../se ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 10 | Replies: 0
  • CVE-2021-32772
    Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 17 | Replies: 0
  • CVE-2021-31630
    Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the Hardware Layer Code Box component on the /hardware page of the application.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 28 | Replies: 0
  • CVE-2021-27954
    A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 21 | Replies: 0
  • CVE-2021-27953
    A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a den ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 12 | Replies: 0
  • CVE-2021-27952
    Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 16 | Replies: 0
  • CVE-2021-36379
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-36159
    libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 13 | Replies: 0
  • CVE-2021-22400
    Some Huawei Smartphones have an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify spe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 15 | Replies: 0
  • CVE-2021-37833
    A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 18 | Replies: 0
  • CVE-2021-37832
    A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-35265
    A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 12 | Replies: 0
  • CVE-2021-37916
    Joplin before 2.0.9 allows XSS via button and form in the note body.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 19 | Replies: 0
  • CVE-2021-37914
    In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow be ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 12 | Replies: 0
  • CVE-2021-26085
    Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected version ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 11 | Replies: 0
  • CVE-2021-21565
    Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing ot ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 22 | Replies: 0
  • CVE-2021-21563
    Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component. This can lead to an authenticated user with low-privileges to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 6 | Replies: 0
  • CVE-2021-21562
    Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AU ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 12 | Replies: 0
  • CVE-2021-21553
    Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability. Under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of C ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 30 | Replies: 0
  • CVE-2021-32812
    Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 21 | Replies: 0
  • CVE-2021-32811
    Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Z ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 19 | Replies: 0
  • CVE-2021-32787
    Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 21 | Replies: 0
  • CVE-2021-34637
    The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 22 | Replies: 0
  • CVE-2021-34635
    The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 18 | Replies: 0
  • CVE-2021-34632
    The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-34628
    The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 18 | Replies: 0
  • CVE-2021-32019
    There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the af ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-29979
    Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects H ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-27943
    The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 24 | Replies: 0
  • CVE-2021-27503
    Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5, The application encrypts on the application layer of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 18 | Replies: 0
  • CVE-2021-27499
    Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5, The application layer encryption of the communicatio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 17 | Replies: 0
  • CVE-2021-21866
    An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 21 | Replies: 0
