
CVE Vulnerabilities

  • CVE-2021-39886
    Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 23 | Replies: 0
  • CVE-2021-39889
    In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 27 | Replies: 0
  • CVE-2021-39891
    In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 24 | Replies: 0
  • CVE-2021-39880
    A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apol ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 33 | Replies: 0
  • CVE-2021-41554
    ** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/sc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 35 | Replies: 0
  • CVE-2021-41555
    ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input fro ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 22 | Replies: 0
  • CVE-2021-35491
    A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName pa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 31 | Replies: 0
  • CVE-2021-35492
    Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 22 | Replies: 0
  • CVE-2021-41286
    Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 32 | Replies: 0
  • CVE-2021-41553
    ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another use ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-35497
    The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO Ac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 32 | Replies: 0
  • CVE-2021-39226
    Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-41113
    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 27 | Replies: 0
  • CVE-2021-41114
    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 34 | Replies: 0
  • CVE-2021-41116
    Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should up ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 28 | Replies: 0
  • CVE-2021-3319
    DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions = v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CW ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 35 | Replies: 0
  • CVE-2021-3436
    BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions = 1.14.2, = 2.4.0, = 2.5.0 contain Use of Multiple Resources w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-3510
    Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions = 1.14.0, = 2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 34 | Replies: 0
  • CVE-2021-3581
    Buffer Access with Incorrect Length Value in zephyr. Zephyr versions = =2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rt ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 32 | Replies: 0
  • CVE-2021-3625
    Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions = v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 42 | Replies: 0
  • CVE-2021-41120
    sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 34 | Replies: 0
  • CVE-2021-41124
    Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use (http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 31 | Replies: 0
  • CVE-2020-21503
    waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gifta=addsave credit paramete ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2020-21504
    waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Publica=login.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 25 | Replies: 0
  • CVE-2020-21505
    waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 31 | Replies: 0
  • CVE-2020-21506
    waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Configa=add.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 29 | Replies: 0
  • CVE-2021-31986
    User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 32 | Replies: 0
  • CVE-2021-31987
    A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 34 | Replies: 0
  • CVE-2021-23893
    Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 21 | Replies: 0
  • CVE-2021-41456
    There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 27 | Replies: 0
  • CVE-2021-41457
    There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 20 | Replies: 0
  • CVE-2021-41459
    There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 24 | Replies: 0
  • CVE-2021-35297
    Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SE ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 20 | Replies: 0
  • CVE-2021-41110
    cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 22 | Replies: 0
  • CVE-2021-40960
    Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 30 | Replies: 0
  • CVE-2021-41648
    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 38 | Replies: 0
  • CVE-2021-41649
    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 20 | Replies: 0
  • CVE-2021-29108
    There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 17 | Replies: 0
  • CVE-2021-29109
    A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 15 | Replies: 0
  • CVE-2021-29110
    Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:07 | Views: 15 | Replies: 0
