
CVE Vulnerabilities

  • CVE-2020-5075
    CVE-2020-5075
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 87 | Replies: 0
  • CVE-2020-5076
    CVE-2020-5076
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 89 | Replies: 0
  • CVE-2020-5077
    CVE-2020-5077
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 91 | Replies: 0
  • CVE-2020-5078
    CVE-2020-5078
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 100 | Replies: 0
  • CVE-2020-5079
    CVE-2020-5079
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 96 | Replies: 0
  • CVE-2020-36109
    CVE-2020-36109
    ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs m ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 86 | Replies: 0
  • CVE-2020-24271
    CVE-2020-24271
    A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***password ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 97 | Replies: 0
  • CVE-2021-21266
    CVE-2021-21266
    openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 104 | Replies: 0
  • CVE-2021-21276
    CVE-2021-21276
    Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 99 | Replies: 0
  • CVE-2021-21277
    CVE-2021-21277
    angular-expressions is angular's nicest part extracted as a standalone module for the browser and node. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Cod ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 83 | Replies: 0
  • CVE-2021-23330
    CVE-2021-23330
    All versions of package launchpad are vulnerable to Command Injection via stop.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 103 | Replies: 0
  • CVE-2020-13562
    CVE-2020-13562
    A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 104 | Replies: 0
  • CVE-2020-13563
    CVE-2020-13563
    A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 84 | Replies: 0
  • CVE-2020-13564
    CVE-2020-13564
    A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 112 | Replies: 0
  • CVE-2020-25594
    CVE-2020-25594
    HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 1.5.7.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 90 | Replies: 0
  • CVE-2020-28426
    CVE-2020-28426
    All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 84 | Replies: 0
  • CVE-2021-21286
    CVE-2021-21286
    AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 98 | Replies: 0
  • CVE-2021-3024
    CVE-2021-3024
    HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 1.5.7.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 107 | Replies: 0
  • CVE-2021-3282
    CVE-2021-3282
    HashiCorp Vault Enterprise 1.6.0 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 111 | Replies: 0
  • CVE-2021-3283
    CVE-2021-3283
    HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 109 | Replies: 0
  • CVE-2020-20287
    CVE-2020-20287
    Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 99 | Replies: 0
  • CVE-2020-20289
    CVE-2020-20289
    SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 103 | Replies: 0
  • CVE-2020-20290
    CVE-2020-20290
    Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerabili ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 118 | Replies: 0
  • CVE-2020-20294
    CVE-2020-20294
    An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 89 | Replies: 0
  • CVE-2020-20295
    CVE-2020-20295
    An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 98 | Replies: 0
  • CVE-2020-20296
    CVE-2020-20296
    An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 100 | Replies: 0
  • CVE-2020-21176
    CVE-2020-21176
    SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 89 | Replies: 0
  • CVE-2020-21179
    CVE-2020-21179
    SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 97 | Replies: 0
  • CVE-2020-21180
    CVE-2020-21180
    SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 84 | Replies: 0
  • CVE-2021-21287
    CVE-2021-21287
    MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target app ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 89 | Replies: 0
  • CVE-2020-28493
    CVE-2020-28493
    This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 99 | Replies: 0
  • CVE-2019-20468
    CVE-2019-20468
    An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 100 | Replies: 0
  • CVE-2019-20470
    CVE-2019-20470
    An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the wa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 89 | Replies: 0
  • CVE-2019-20471
    CVE-2019-20471
    An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no pr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 98 | Replies: 0
  • CVE-2019-20473
    CVE-2019-20473
    An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a Re ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 87 | Replies: 0
  • CVE-2021-3340
    CVE-2021-3340
    A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 84 | Replies: 0
  • CVE-2021-3378
    CVE-2021-3378
    FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a Content-Type: image/png header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 86 | Replies: 0
  • CVE-2020-14192
    CVE-2020-14192
    Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytic ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 86 | Replies: 0
  • CVE-2020-36231
    CVE-2020-36231
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerab ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 85 | Replies: 0
  • CVE-2020-25037
    CVE-2020-25037
    UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:36 | Views: 95 | Replies: 0
