CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-21700

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：14 | 回复：0
CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：8 | 回复：0
CVE-2021-43576

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-43577

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：17 | 回复：0
CVE-2021-43578

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-3934

ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-43494

OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：24 | 回复：0
CVE-2021-43496

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-43492

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：24 | 回复：0
CVE-2021-43493

ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：10 | 回复：0
CVE-2020-4140

IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：17 | 回复：0
CVE-2020-4146

IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-38972

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-38973

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE-2021-38985

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-41254

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE-2021-41259

Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-41972

Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：28 | 回复：0
CVE-2021-39303

The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：36 | 回复：0
CVE-2021-42563

There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：34 | 回复：0
CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：19 | 回复：0
CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offli ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：27 | 回复：0
CVE-2020-21141

iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=membersdo=add.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the BIOS Password At Boot Device List BIOS setting is Yes.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE-2021-3577

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：32 | 回复：0
CVE-2021-3599

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-3718

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE-2021-3719

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE-2021-3720

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-3723

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating sys ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-3786

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：30 | 回复：0
CVE-2021-3787

A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：19 | 回复：0
CVE-2021-3788

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：12 | 回复：0
CVE-2021-3789

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt fir ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-3790

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：34 | 回复：0
CVE-2021-3792

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：6 | 回复：0