CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-21963

An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：156 | 回复：0
CVE-2021-21964

A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：159 | 回复：0
CVE-2021-21965

A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of ser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：152 | 回复：0
CVE-2021-21968

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：157 | 回复：0
CVE-2021-21969

An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at the json_o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：178 | 回复：0
CVE-2021-21970

An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at the json_o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：158 | 回复：0
CVE-2021-21971

An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：142 | 回复：0
CVE-2021-22284

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：166 | 回复：0
CVE-2021-22285

Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of ser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：160 | 回复：0
CVE-2021-22286

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：158 | 回复：0
CVE-2021-22288

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：165 | 回复：0
CVE-2021-28503

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：162 | 回复：0
CVE-2021-29218

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：169 | 回复：0
CVE-2021-29219

A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to reso ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：165 | 回复：0
CVE-2021-32036

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：207 | 回复：0
CVE-2021-32732

### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：164 | 回复：0
CVE-2021-36151

In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions = 0.15.0. Users should update to version 0.16.0 which addre ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：154 | 回复：0
CVE-2021-36152

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions = 0.15.0. Users should update to version 0.16.0 which addresses this issue.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：160 | 回复：0
CVE-2021-38130

A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an informati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：160 | 回复：0
CVE-2021-38960

IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：170 | 回复：0
CVE-2021-40401

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：184 | 回复：0
CVE-2021-40403

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：206 | 回复：0
CVE-2021-40420

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：207 | 回复：0
CVE-2021-43841

XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：179 | 回复：0
CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) bef ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：173 | 回复：0
CVE-2021-44205

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：174 | 回复：0
CVE-2021-44206

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：163 | 回复：0
CVE-2021-44779

Unauthenticated SQL Injection (SQLi) vulnerability discovered in AutoResponder WordPress plugin (versions = 2.3), vulnerable at (listid). No patched version available, plugin closed.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：187 | 回复：0
CVE-2021-4043

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：182 | 回复：0
CVE-2021-4154

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：176 | 回复：0
CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesetti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：417 | 回复：0
CVE-2022-0227

Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：166 | 回复：0
CVE-2022-0264

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permission ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：165 | 回复：0
CVE-2022-0317

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：171 | 回复：0
CVE-2022-0365

The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：170 | 回复：0
CVE-2022-0380

The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER found in the ~/options-fotobook.php file which allows attackers to in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：151 | 回复：0
CVE-2022-0381

The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：163 | 回复：0
CVE-2022-0472

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：152 | 回复：0
CVE-2022-0481

NULL Pointer Dereference in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：169 | 回复：0
CVE-2022-0484

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:41 | 阅读：151 | 回复：0