Vulnerabilities

Subcategories:

  • CVE-2021-27079
    Windows Media Photo Codec Information Disclosure Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 7 | Replies: 0
  • CVE-2021-27072
    Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 16 | Replies: 0
  • CVE-2021-27067
    Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 10 | Replies: 0
  • CVE-2021-27064
    Visual Studio Installer Elevation of Privilege Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 9 | Replies: 0
  • CVE-2021-26417
    Windows Overlay Filter Information Disclosure Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 10 | Replies: 0
  • CVE-2021-26416
    Windows Hyper-V Denial of Service Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 11 | Replies: 0
  • CVE-2021-26415
    Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 11 | Replies: 0
  • CVE-2021-26413
    Windows Installer Spoofing Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 5 | Replies: 0
  • CVE-2021-23372
    All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 13 | Replies: 0
  • CVE-2021-21399
    Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you m ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 12 | Replies: 0
  • CVE-2021-27609
    SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP Ea ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 5 | Replies: 0
  • CVE-2021-27605
    SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, r ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:33 | Views: 8 | Replies: 0
  • CVE-2021-27603
    An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function modul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2021-27602
    SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-27601
    SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 22 | Replies: 0
  • CVE-2021-27600
    SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufactu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 9 | Replies: 0
  • CVE-2021-27598
    SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of miss ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 5 | Replies: 0
  • CVE-2021-23281
    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 7 | Replies: 0
  • CVE-2021-23280
    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using up ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-23279
    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveD ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 9 | Replies: 0
  • CVE-2021-23278
    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action remove ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 7 | Replies: 0
  • CVE-2021-23277
    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 8 | Replies: 0
  • CVE-2021-23276
    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploita ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 18 | Replies: 0
  • CVE-2021-22720
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-22719
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 18 | Replies: 0
  • CVE-2021-22718
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 6 | Replies: 0
  • CVE-2021-22717
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 17 | Replies: 0
  • CVE-2021-22716
    A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 6 | Replies: 0
  • CVE-2021-21784
    An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provid ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-21492
    SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerabil ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 10 | Replies: 0
  • CVE-2021-21485
    An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged us ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 27 | Replies: 0
  • CVE-2021-21483
    Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable componen ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2021-21482
    SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-0471
    In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. U ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 8 | Replies: 0
  • CVE-2021-0468
    In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no addi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 18 | Replies: 0
  • CVE-2021-0446
    In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 19 | Replies: 0
  • CVE-2021-0445
    In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 20 | Replies: 0
  • CVE-2021-0444
    In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges n ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2021-0443
    In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user p ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-0442
    In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additiona ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
