• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

CVE漏洞

RSS
  • CVE-2021-44901
    CVE-2021-44901
    Micro-Star International (MSI) Dragon Center = 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X6 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:8 | 回复:0
  • CVE-2021-44903
    CVE-2021-44903
    Micro-Star International (MSI) Center Pro = 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sy ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:11 | 回复:0
  • CVE-2021-46320
    CVE-2021-46320
    In OpenZeppelin =v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view e ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2022-23316
    CVE-2022-23316
    An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=filectrl=downloadpath=../../1.txt.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:18 | 回复:0
  • CVE-2021-44983
    CVE-2021-44983
    In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:19 | 回复:0
  • CVE-2021-43145
    CVE-2021-43145
    With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:17 | 回复:0
  • CVE-2021-44886
    CVE-2021-44886
    In Zammad 5.0.2, agents can configure out of office periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket noti ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:24 | 回复:0
  • CVE-2021-44977
    CVE-2021-44977
    In iCMS =8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:31 | 回复:0
  • CVE-2021-44978
    CVE-2021-44978
    iCMS = 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:34 | 回复:0
  • CVE-2021-46398
    CVE-2021-46398
    A Cross-Site Request Forgery vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webp ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:185 | 回复:0
  • CVE-2022-24259
    CVE-2022-24259
    An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:35 | 回复:0
  • CVE-2022-24260
    CVE-2022-24260
    A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:44 | 回复:0
  • CVE-2022-24262
    CVE-2022-24262
    The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the w ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:44 | 回复:0
  • CVE-2021-43635
    CVE-2021-43635
    A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:44 | 回复:0
  • CVE-2021-29393
    CVE-2021-29393
    Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:49 | 回复:0
  • CVE-2021-29394
    CVE-2021-29394
    Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accou ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:76 | 回复:0
  • CVE-2021-29395
    CVE-2021-29395
    Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP sou ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:226 | 回复:0
  • CVE-2021-29396
    CVE-2021-29396
    Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:109 | 回复:0
  • CVE-2021-29397
    CVE-2021-29397
    Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transm ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:82 | 回复:0
  • CVE-2021-29398
    CVE-2021-29398
    Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the dir ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:65 | 回复:0
  • CVE-2021-45429
    CVE-2021-45429
    A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:69 | 回复:0
  • CVE-2022-24249
    CVE-2022-24249
    A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:56 | 回复:0
  • CVE-2021-23470
    CVE-2021-23470
    This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:46 | 回复:0
  • CVE-2021-23497
    CVE-2021-23497
    This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplet ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:34 | 回复:0
  • CVE-2021-23507
    CVE-2021-23507
    The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives f ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:37 | 回复:0
  • CVE-2021-45408
    CVE-2021-45408
    Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the referuri parameter.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:36 | 回复:0
  • CVE-2022-24129
    CVE-2022-24129
    The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to intera ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:35 | 回复:0
  • CVE-2022-24448
    CVE-2022-24448
    An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. I ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:31 | 回复:0
  • CVE-2021-46671
    CVE-2021-46671
    options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:34 | 回复:0
  • CVE-2022-24348
    CVE-2022-24348
    Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover cre ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:34 | 回复:0
  • CVE-2022-23329
    CVE-2022-23329
    A vulnerability in ${freemarker.template.utility.Execute?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:44 | 回复:0
  • CVE-2022-23330
    CVE-2022-23330
    A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:42 | 回复:0
  • CVE-2013-20003
    CVE-2013-20003
    Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:119 | 回复:0
  • CVE-2018-25029
    CVE-2018-25029
    The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a differ ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:60 | 回复:0
  • CVE-2020-12891
    CVE-2020-12891
    AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:71 | 回复:0
  • CVE-2020-12965
    CVE-2020-12965
    When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:69 | 回复:0
  • CVE-2020-12966
    CVE-2020-12966
    AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:89 | 回复:0
  • CVE-2020-7534
    CVE-2020-7534
    A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:111 | 回复:0
  • CVE-2021-21959
    CVE-2021-21959
    A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:178 | 回复:0
  • CVE-2021-21960
    CVE-2021-21960
    A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code executi ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:100 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap