漏洞 - 第828页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-28198

** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-31828

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceedi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-18890

Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-18888

Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-31918

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-31916

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-31793

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-18889

Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE漏洞

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a string index out of range error and worker-process crash for a Cookie: =abc header.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-3507

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-32052

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-31829

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-28152

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzx ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-32030

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-30473

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-20204

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-35519

An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the sys ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-28128

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-22210

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a conside ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：4 | 回复：0
CVE漏洞

CVE-2021-22208

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-3501

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-31616

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in et ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-31532

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-31409

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-31245

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the pas ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is base ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-29491

Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-29490

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-27216

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-26543

The gitDiff function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-24254

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24253

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24252

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-24251

The Business Directory Plugin â€“ Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in ad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：14 | 回复：0