CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-44381

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPower ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:52 | 阅读：37 | 回复：0
CVE-2021-44382

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLigh ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:52 | 阅读：26 | 回复：0
CVE-2021-44383

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoU ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:52 | 阅读：43 | 回复：0
CVE-2021-44384

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:52 | 阅读：113 | 回复：0
CVE-2021-34865

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：12 | 回复：0
CVE-2021-34866

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the tar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：10 | 回复：0
CVE-2021-34867

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：12 | 回复：0
CVE-2021-34868

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：11 | 回复：0
CVE-2021-34869

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：12 | 回复：0
CVE-2021-34870

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：12 | 回复：0
CVE-2021-43863

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-46034

A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：11 | 回复：0
CVE-2021-46083

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：11 | 回复：0
CVE-2021-46084

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via close registration information input box.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：11 | 回复：0
CVE-2021-46085

OneBlog = 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-46086

xzs-mysql = t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：15 | 回复：0
CVE-2021-46087

In jfinal_cms = 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-39031

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2022-0351

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：17 | 回复：0
CVE-2021-38129

Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2021-40158

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2021-40159

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2021-40167

A malicious crafted dwf file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2021-40337

Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：15 | 回复：0
CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：17 | 回复：0
CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacke ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：19 | 回复：0
CVE-2021-45729

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions = 1.8.0) allows authenticated low-role users to create, edit, and delete maps.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：19 | 回复：0
CVE-2021-4133

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：19 | 回复：0
CVE-2021-4145

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：21 | 回复：0
CVE-2022-0270

Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：25 | 回复：0
CVE-2022-0332

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：25 | 回复：0
CVE-2022-0333

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：30 | 回复：0
CVE-2022-0334

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：29 | 回复：0
CVE-2022-0335

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The delete badge alignment functionality did not include the necessary token chec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：29 | 回复：0
CVE-2022-22789

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：31 | 回复：0
CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the user or admin role can use undisclosed API endpoints on NGINX Controller API Management to injec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：29 | 回复：0
CVE-2022-23009

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：29 | 回复：0
CVE-2022-23010

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a vir ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：23 | 回复：0
CVE-2022-23011

On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Prote ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：26 | 回复：0
CVE-2022-23012

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：23 | 回复：0