漏洞 - 第980页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-1779

When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：62 | 回复：0
CVE漏洞

CVE-2020-35700

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-11920

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the devi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：68 | 回复：0
CVE漏洞

CVE-2020-11915

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1save=1reboot=1 request to the webserver, it is possible to enable the telnet interface on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-26754

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order SQL injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-22161

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-26843

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlappi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-36243

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-36242

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=searchquery= XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-22305

There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending mal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through sp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusIn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-22292

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affecte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-22500

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-22299

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-22298

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security de ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-9205

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-9118

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-22499

Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-22306

There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by perfo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-22300

There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-22307

There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to af ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-22301

Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-20176

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-5812

Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (M ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts querie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-11836

OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enfo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-3229

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21303

Helm is open-source software which is essentially The Kubernetes Package Manager. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-1072

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-9453

In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IO ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-12122

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-10857

Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：64 | 回复：0
CVE漏洞

CVE-2020-10554

An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：68 | 回复：0
CVE漏洞

CVE-2020-10553

An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0