CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-39897

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：133 | 回复：0
CVE-2021-39898

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：117 | 回复：0
CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：114 | 回复：0
CVE-2021-39904

An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has loc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：116 | 回复：0
CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：133 | 回复：0
CVE-2021-39906

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：129 | 回复：0
CVE-2021-39907

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：160 | 回复：0
CVE-2021-39909

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：172 | 回复：0
CVE-2021-39911

An improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：145 | 回复：0
CVE-2021-39912

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：112 | 回复：0
CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：46 | 回复：0
CVE-2021-25500

A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：53 | 回复：0
CVE-2021-25501

An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：48 | 回复：0
CVE-2021-25502

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：39 | 回复：0
CVE-2021-25503

Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：31 | 回复：0
CVE-2021-25504

Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：17 | 回复：0
CVE-2021-25505

Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：18 | 回复：0
CVE-2021-25506

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：33 | 回复：0
CVE-2021-25507

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：36 | 回复：0
CVE-2021-25508

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：37 | 回复：0
CVE-2021-25509

A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：22 | 回复：0
CVE-2021-42237

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authenticati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：23 | 回复：0
CVE-2021-26844

A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：23 | 回复：0
CVE-2021-42662

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：33 | 回复：0
CVE-2021-42663

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：33 | 回复：0
CVE-2021-42664

A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：25 | 回复：0
CVE-2021-42665

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：22 | 回复：0
CVE-2021-42666

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：31 | 回复：0
CVE-2021-42667

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：18 | 回复：0
CVE-2021-42668

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：24 | 回复：0
CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：16 | 回复：0
CVE-2021-42670

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：22 | 回复：0
CVE-2021-42671

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：11 | 回复：0
CVE-2021-39411

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：26 | 回复：0
CVE-2021-39412

Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：33 | 回复：0
CVE-2021-3916

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：17 | 回复：0
CVE-2021-3924

grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：20 | 回复：0
CVE-2021-24570

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE-2021-24572

The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2021-24624

The MP3 Audio Player for Music, Radio Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：46 | 回复：0