CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-25035

UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：107 | 回复：0
CVE-2020-25036

UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：114 | 回复：0
CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：99 | 回复：0
CVE-2020-24335

An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：80 | 回复：0
CVE-2021-20207

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2021-3348. Reason: This candidate is a reservation duplicate of CVE-2021-3348. Notes: All CVE users should reference CVE-2021-3348 instead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：81 | 回复：0
CVE-2021-3281

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by startapp --template and startproject --template) allows directory traversal via a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：97 | 回复：0
CVE-2020-28494

This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：86 | 回复：0
CVE-2020-28495

This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：106 | 回复：0
CVE-2020-8101

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same netwo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：80 | 回复：0
CVE-2020-25506

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：119 | 回复：0
CVE-2020-18568

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：111 | 回复：0
CVE-2020-4934

IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arb ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：90 | 回复：0
CVE-2021-25310

** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：100 | 回复：0
CVE-2019-25017

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：88 | 回复：0
CVE-2019-25018

In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：97 | 回复：0
CVE-2020-15097

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. Al ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：113 | 回复：0
CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using --userns-r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：103 | 回复：0
CVE-2021-21285

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：102 | 回复：0
CVE-2020-28498

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：100 | 回复：0
CVE-2020-7775

This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：104 | 回复：0
CVE-2021-20199

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：93 | 回复：0
CVE-2021-21289

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：109 | 回复：0
CVE-2021-21291

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：101 | 回复：0
CVE-2021-23271

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Sit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：93 | 回复：0
CVE-2021-25912

Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：55 | 回复：0
CVE-2020-14221

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：47 | 回复：0
CVE-2020-14255

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect tradition ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：62 | 回复：0
CVE-2020-1910

A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific imag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：48 | 回复：0
CVE-2021-21292

Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：60 | 回复：0
CVE-2020-29662

In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：60 | 回复：0
CVE-2020-4081

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：37 | 回复：0
CVE-2020-8734

Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：53 | 回复：0
CVE-2021-3395

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：56 | 回复：0
CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：60 | 回复：0
CVE-2020-8672

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：44 | 回复：0
CVE-2021-21293

blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded conne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：47 | 回复：0
CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-serv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：50 | 回复：0
CVE-2021-21043

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：73 | 回复：0
CVE-2020-35152

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：54 | 回复：0
CVE-2021-0352

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：65 | 回复：0