漏洞 - 第831页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-23365

The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-31804

LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-31803

cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-20712

Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-20711

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-20710

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-20709

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-20708

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20697

Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-20695

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified ve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-20694

Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-20693

Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-20680

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-31761

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-31760

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-31726

Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-31718

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-30502

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-31712

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-31794

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-31795

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-31598

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-31791

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-31584

Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-31583

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-29158

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-25899

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable para ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：4 | 回复：0
CVE漏洞

CVE-2021-25898

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-7036

An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-7035

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：4 | 回复：0
CVE漏洞

CVE-2020-7034

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-17542

Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the Task Detail comment window of the /dotAdmin/#/c/workflow compone ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：4 | 回复：0
CVE漏洞

CVE-2021-31780

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-29470

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The ou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：3 | 回复：0
CVE漏洞

CVE-2021-20089

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-20086

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-20085

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-20083

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：4 | 回复：0