CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31599

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the produc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：23 | 回复：0
CVE-2021-31600

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：20 | 回复：0
CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：11 | 回复：0
CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：5 | 回复：0
CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：7 | 回复：0
CVE-2021-34685

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：8 | 回复：0
CVE-2021-42072

An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：17 | 回复：0
CVE-2021-42073

An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：5 | 回复：0
CVE-2021-42074

An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：36 | 回复：0
CVE-2021-42075

An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：17 | 回复：0
CVE-2021-42076

An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP mess ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：10 | 回复：0
CVE-2021-42077

PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：11 | 回复：0
CVE-2021-42078

PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in mul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：23 | 回复：0
CVE-2021-42370

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：16 | 回复：0
CVE-2021-42371

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：13 | 回复：0
CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：6 | 回复：0
CVE-2021-41771

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：23 | 回复：0
CVE-2021-41772

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：22 | 回复：0
CVE-2021-29243

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：21 | 回复：0
CVE-2021-29994

Cloudera Hue 4.6.0 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：21 | 回复：0
CVE-2021-32481

Cloudera Hue 4.6.0 allows XSS via the type parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：20 | 回复：0
CVE-2021-32482

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：14 | 回复：0
CVE-2021-22051

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：34 | 回复：0
CVE-2021-30132

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：32 | 回复：0
CVE-2021-32483

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：22 | 回复：0
CVE-2021-37850

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：28 | 回复：0
CVE-2021-25979

Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sess ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：10 | 回复：0
CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：8 | 回复：0
CVE-2021-28023

Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative path ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：6 | 回复：0
CVE-2021-28024

Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：9 | 回复：0
CVE-2021-39182

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：13 | 回复：0
CVE-2021-41733

Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：14 | 回复：0
CVE-2021-42770

A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：16 | 回复：0
CVE-2020-4152

IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：11 | 回复：0
CVE-2020-4153

IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：6 | 回复：0
CVE-2020-4160

IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：28 | 回复：0
CVE-2021-29735

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：13 | 回复：0
CVE-2021-29843

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：5 | 回复：0
CVE-2021-24537

The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：17 | 回复：0
CVE-2021-24575

The School Management System â€“ WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injecti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：29 | 回复：0