• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞CVE漏洞

CVE漏洞

RSS
  • CVE-2021-39946
    CVE-2021-39946
    Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:17 | 回复:0
  • CVE-2021-41807
    CVE-2021-41807
    Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forci ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:14 | 回复:0
  • CVE-2021-41808
    CVE-2021-41808
    In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled b ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:24 | 回复:0
  • CVE-2021-41809
    CVE-2021-41809
    SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:32 | 回复:0
  • CVE-2021-43353
    CVE-2021-43353
    The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made i ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:18 | 回复:0
  • CVE-2021-4074
    CVE-2021-4074
    The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arb ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:14 | 回复:0
  • CVE-2021-4083
    CVE-2021-4083
    A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially tr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:15 | 回复:0
  • CVE-2022-0090
    CVE-2022-0090
    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement r ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:16 | 回复:0
  • CVE-2022-0093
    CVE-2022-0093
    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive info ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:12 | 回复:0
  • CVE-2022-0124
    CVE-2022-0124
    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:10 | 回复:0
  • CVE-2022-0125
    CVE-2022-0125
    An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:21 | 回复:0
  • CVE-2022-0151
    CVE-2022-0151
    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLa ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:11 | 回复:0
  • CVE-2022-0152
    CVE-2022-0152
    An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLa ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:15 | 回复:0
  • CVE-2022-0154
    CVE-2022-0154
    An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:16 | 回复:0
  • CVE-2022-0172
    CVE-2022-0172
    An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:14 | 回复:0
  • CVE-2022-0210
    CVE-2022-0210
    The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attac ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:17 | 回复:0
  • CVE-2022-0215
    CVE-2022-0215
    The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:22 | 回复:0
  • CVE-2022-0232
    CVE-2022-0232
    The User Registration, Login Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/l ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:21 | 回复:0
  • CVE-2022-0233
    CVE-2022-0233
    The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_ima ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:22 | 回复:0
  • CVE-2022-0236
    CVE-2022-0236
    The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_proces ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:15 | 回复:0
  • CVE-2022-0244
    CVE-2022-0244
    An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:15 | 回复:0
  • CVE-2022-22690
    CVE-2022-22690
    Within the Umbraco CMS, a configuration element named UmbracoApplicationUrl (or just ApplicationUrl) is used whenever application code needs to build a URL pointing back to the site. For example, when ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:40 | 回复:0
  • CVE-2022-22691
    CVE-2022-22691
    The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:29 | 回复:0
  • CVE-2022-23083
    CVE-2022-23083
    NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that coul ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:21 | 回复:0
  • CVE-2021-34401
    CVE-2021-34401
    NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:28 | 回复:0
  • CVE-2021-34402
    CVE-2021-34402
    NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:25 | 回复:0
  • CVE-2021-34403
    CVE-2021-34403
    NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:11 | 回复:0
  • CVE-2021-34404
    CVE-2021-34404
    Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause de ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:17 | 回复:0
  • CVE-2021-34405
    CVE-2021-34405
    NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:41 | 回复:0
  • CVE-2021-34406
    CVE-2021-34406
    NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:22 | 回复:0
  • CVE-2021-46005
    CVE-2021-46005
    Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:17 | 回复:0
  • CVE-2021-46012
    CVE-2021-46012
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:20 | 回复:0
  • CVE-2021-46013
    CVE-2021-46013
    An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:12 | 回复:0
  • CVE-2022-21683
    CVE-2022-21683
    Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have repl ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:14 | 回复:0
  • CVE-2021-44840
    CVE-2021-44840
    An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/tab ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:9 | 回复:0
  • CVE-2021-44836
    CVE-2021-44836
    An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:31 | 回复:0
  • CVE-2021-44838
    CVE-2021-44838
    An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access ris ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:29 | 回复:0
  • CVE-2021-44839
    CVE-2021-44839
    An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:14 | 回复:0
  • CVE-2022-21696
    CVE-2022-21696
    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the user ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:21 | 回复:0
  • CVE-2022-23408
    CVE-2022-23408
    wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of m ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:04 | 阅读:31 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap