漏洞 - 第938页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-23885

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-23339

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-2502

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Pho ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-2501

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-20655

FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20653

Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-26934

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-26933

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：91 | 回复：0
CVE漏洞

CVE-2021-26932

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：94 | 回复：0
CVE漏洞

CVE-2021-26931

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, err ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-27104

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-27103

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-27102

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-27101

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-27203

In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20075

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-20074

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-20073

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20072

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-20071

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-20070

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-20069

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-20068

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-20067

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-28918

DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an unknown username error message.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-11635

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-27237

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-21317

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an intege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rol ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-21315

The System Information Library for Node.JS (npm package systeminformation) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation befo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-20987

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recov ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-20986

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic commun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-35570

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-35569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：17 | 回复：0