CVE Vulnerabilities

  • CVE-2021-46320
    In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view e ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 166 | Replies: 0
  • CVE-2022-23316
    An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=filectrl=downloadpath=../../1.txt.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 161 | Replies: 0
  • CVE-2021-44983
    In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 168 | Replies: 0
  • CVE-2021-43145
    With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 165 | Replies: 0
  • CVE-2021-44886
    In Zammad 5.0.2, agents can configure out of office periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket noti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 172 | Replies: 0
  • CVE-2021-44977
    In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 168 | Replies: 0
  • CVE-2021-44978
    iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability which causes remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 156 | Replies: 0
  • CVE-2021-46398
    A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HT ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 183 | Replies: 0
  • CVE-2022-24259
    An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 155 | Replies: 0
  • CVE-2022-24260
    A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 160 | Replies: 0
  • CVE-2022-24262
    The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 165 | Replies: 0
  • CVE-2021-43635
    A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 176 | Replies: 0
  • CVE-2021-29393
    Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 190 | Replies: 0
  • CVE-2021-29394
    Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accou ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 179 | Replies: 0
  • CVE-2021-29395
    Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP sou ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 158 | Replies: 0
  • CVE-2021-29396
    Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 170 | Replies: 0
  • CVE-2021-29397
    Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transm ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 175 | Replies: 0
  • CVE-2021-29398
    Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the dir ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 171 | Replies: 0
  • CVE-2021-45429
    A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 194 | Replies: 0
  • CVE-2022-24249
    A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 151 | Replies: 0
  • CVE-2021-23470
    This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 154 | Replies: 0
  • CVE-2021-23497
    This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplet ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 150 | Replies: 0
  • CVE-2021-23507
    The package object-path-set before 1.0.2 is vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 156 | Replies: 0
  • CVE-2021-45408
    Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the referuri parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 172 | Replies: 0
  • CVE-2022-24129
    The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to intera ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 177 | Replies: 0
  • CVE-2022-24448
    An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. I ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 178 | Replies: 0
  • CVE-2021-46671
    options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 169 | Replies: 0
  • CVE-2022-24348
    Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover cre ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 147 | Replies: 0
  • CVE-2022-23329
    A vulnerability in ${freemarker.template.utility.Execute?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 177 | Replies: 0
  • CVE-2022-23330
    A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 169 | Replies: 0
  • CVE-2013-20003
    Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 177 | Replies: 0
  • CVE-2018-25029
    The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a differ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 155 | Replies: 0
  • CVE-2020-12891
    AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 150 | Replies: 0
  • CVE-2020-12965
    When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 166 | Replies: 0
  • CVE-2020-12966
    AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 162 | Replies: 0
  • CVE-2020-7534
    A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 183 | Replies: 0
  • CVE-2021-21959
    A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 170 | Replies: 0
  • CVE-2021-21960
    A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code executi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 175 | Replies: 0
  • CVE-2021-21961
    A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 172 | Replies: 0
  • CVE-2021-21962
    A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 173 | Replies: 0