CVE Vulnerabilities

  • CVE-2021-20806
    Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 24 | Replies: 0
  • CVE-2021-20807
    Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 6 | Replies: 0
  • CVE-2021-20831
    Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed via ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 15 | Replies: 0
  • CVE-2021-20832
    InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 14 | Replies: 0
  • CVE-2021-20833
    The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 17 | Replies: 0
  • CVE-2021-20834
    Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 10 | Replies: 0
  • CVE-2021-33609
    Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by reques ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 21 | Replies: 0
  • CVE-2021-41137
    Minio is a Kubernetes native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular u ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 22 | Replies: 0
  • CVE-2021-34814
    Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-39304
    Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-20123
    A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 25 | Replies: 0
  • CVE-2021-20124
    A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerabilit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 11 | Replies: 0
  • CVE-2021-20125
    An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could levera ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 16 | Replies: 0
  • CVE-2021-20126
    Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 19 | Replies: 0
  • CVE-2021-20127
    An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 22 | Replies: 0
  • CVE-2021-20128
    The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 45 | Replies: 0
  • CVE-2021-20129
    An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 31 | Replies: 0
  • CVE-2021-22033
    Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 38 | Replies: 0
  • CVE-2021-22035
    VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-adminis ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 34 | Replies: 0
  • CVE-2021-22036
    VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domai ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 27 | Replies: 0
  • CVE-2021-3057
    A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 19 | Replies: 0
  • CVE-2021-41138
    Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 22 | Replies: 0
  • CVE-2021-35498
    The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-40732
    XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 17 | Replies: 0
  • CVE-2021-41139
    Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Bec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 20 | Replies: 0
  • CVE-2021-20130
    ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 9 | Replies: 0
  • CVE-2021-20131
    ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 21 | Replies: 0
  • CVE-2021-40842
    Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 24 | Replies: 0
  • CVE-2021-40843
    Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 29 | Replies: 0
  • CVE-2021-42223
    Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 31 | Replies: 0
  • CVE-2021-42224
    SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 15 | Replies: 0
  • CVE-2021-26318
    A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 51 | Replies: 0
  • CVE-2021-40493
    Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 37 | Replies: 0
  • CVE-2021-41075
    The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-40854
    AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other appli ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 25 | Replies: 0
  • CVE-2021-42341
    checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 35 | Replies: 0
  • CVE-2021-42342
    An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunnel ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 77 | Replies: 0
  • CVE-2021-3882
    LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an un ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 71 | Replies: 0
  • CVE-2020-22724
    A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 63 | Replies: 0
  • CVE-2020-19954
    An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 49 | Replies: 0
