2b45 / vuln-list

0 stars 0 forks source link

【2021-12-31 10:36:16.100495】抓取 1 天内的NVD数据 #5

Open actanble opened 2 years ago

actanble commented 2 years ago
CVE 描述 更新时间
CVE-2021-4181 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-4182 Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-4183 Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-4184 Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-4185 Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-4186 Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-4190 Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file 2021-12-30 22:15:10+00:00
CVE-2021-45077 Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. 2021-12-30 22:15:10+00:00
CVE-2021-45732 Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. 2021-12-30 22:15:10+00:00
CVE-2021-20159 Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter. 2021-12-30 22:15:09+00:00
CVE-2021-20160 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root. 2021-12-30 22:15:09+00:00
CVE-2021-20161 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device. 2021-12-30 22:15:09+00:00
CVE-2021-20162 Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext. 2021-12-30 22:15:09+00:00
CVE-2021-20163 Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. 2021-12-30 22:15:09+00:00
CVE-2021-20164 Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. 2021-12-30 22:15:09+00:00
CVE-2021-20165 Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). 2021-12-30 22:15:09+00:00
CVE-2021-20166 Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton. 2021-12-30 22:15:09+00:00
CVE-2021-20167 Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. 2021-12-30 22:15:09+00:00
CVE-2021-20168 Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin. 2021-12-30 22:15:09+00:00
CVE-2021-20169 Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. 2021-12-30 22:15:09+00:00
CVE-2021-20170 Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed. 2021-12-30 22:15:09+00:00
CVE-2021-20171 Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. 2021-12-30 22:15:09+00:00
CVE-2021-20172 All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root. 2021-12-30 22:15:09+00:00
CVE-2021-20173 Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values. 2021-12-30 22:15:09+00:00
CVE-2021-20174 Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. 2021-12-30 22:15:09+00:00
CVE-2021-20175 Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext 2021-12-30 22:15:09+00:00
CVE-2021-23147 Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication. 2021-12-30 22:15:09+00:00
CVE-2021-44466 Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges. 2021-12-30 22:15:09+00:00
CVE-2021-20133 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). 2021-12-30 22:15:08+00:00
CVE-2021-20134 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router's filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion. 2021-12-30 22:15:08+00:00
CVE-2021-20149 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default. 2021-12-30 22:15:08+00:00
CVE-2021-20150 Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. 2021-12-30 22:15:08+00:00
CVE-2021-20151 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user's session. 2021-12-30 22:15:08+00:00
CVE-2021-20152 Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/ 2021-12-30 22:15:08+00:00
CVE-2021-20153 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations. 2021-12-30 22:15:08+00:00
CVE-2021-20154 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. 2021-12-30 22:15:08+00:00
CVE-2021-20155 Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678". 2021-12-30 22:15:08+00:00
CVE-2021-20156 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated "check for updates" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate. 2021-12-30 22:15:08+00:00
CVE-2021-20157 It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command. 2021-12-30 22:15:08+00:00
CVE-2021-20158 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command. 2021-12-30 22:15:08+00:00
CVE-2021-20132 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0). 2021-12-30 22:15:07+00:00
CVE-2021-45379 Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password. 2021-12-30 18:15:07+00:00
CVE-2020-29292 iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. 2021-12-30 17:15:12+00:00
CVE-2021-38876 IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. 2021-12-30 17:15:12+00:00
CVE-2021-43862 jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the execHash option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with onerror on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way). 2021-12-30 15:15:07+00:00
CVE-2021-43861 Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. 2021-12-30 14:15:07+00:00
CVE-2021-45815 Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. 2021-12-30 13:15:07+00:00
CVE-2021-45818 SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to HTTP response splitting. 2021-12-30 13:15:07+00:00
CVE-2021-45427 Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. 2021-12-30 12:15:07+00:00