漏洞 - 第925页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-26713

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebR ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-20588

Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Config ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-20587

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool versions 1. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-35499

A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-27351

The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-27328

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-27214

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-9050

Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-25171

The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-23342

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-21512

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-13549

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-22703

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-22702

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notificat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-22701

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-12374

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-3210

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound = 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaSc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-3204

SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-26296

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site reques ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-3339

ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-36248

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-36252

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-36251

ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-36250

In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-36249

The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-10254

An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-10252

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (ak ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-36247

Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-24908

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-27405

A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-26746

Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-36246

Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-27404

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-27403

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：12 | 回复：0
CVE漏洞

CVE-2019-25024

OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-19513

Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-26712

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-26717

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：34 | 回复：0