• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

CVE漏洞

RSS
  • CVE-2021-20578
    CVE-2021-20578
    IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199 ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:49 | 回复:0
  • CVE-2021-29894
    CVE-2021-29894
    IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X- ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:43 | 回复:0
  • CVE-2021-35198
    CVE-2021-35198
    NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:40 | 回复:0
  • CVE-2021-35199
    CVE-2021-35199
    NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:37 | 回复:0
  • CVE-2021-35200
    CVE-2021-35200
    NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:45 | 回复:0
  • CVE-2021-35201
    CVE-2021-35201
    NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:43 | 回复:0
  • CVE-2021-35202
    CVE-2021-35202
    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:46 | 回复:0
  • CVE-2021-35203
    CVE-2021-35203
    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:61 | 回复:0
  • CVE-2021-35204
    CVE-2021-35204
    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:49 | 回复:0
  • CVE-2021-35205
    CVE-2021-35205
    NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:34 | 回复:0
  • CVE-2021-41288
    CVE-2021-41288
    Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:53 | 回复:0
  • CVE-2021-41323
    CVE-2021-41323
    Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:54 | 回复:0
  • CVE-2021-41325
    CVE-2021-41325
    Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin per ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:70 | 回复:0
  • CVE-2021-33583
    CVE-2021-33583
    REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:54 | 回复:0
  • CVE-2021-41101
    CVE-2021-41101
    wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:77 | 回复:0
  • CVE-2020-20746
    CVE-2020-20746
    A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /gofor ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:85 | 回复:0
  • CVE-2021-41324
    CVE-2021-41324
    Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes param ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:92 | 回复:0
  • CVE-2020-20796
    CVE-2020-20796
    FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the Id parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:50 | 回复:0
  • CVE-2020-20797
    CVE-2020-20797
    FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:58 | 回复:0
  • CVE-2020-20799
    CVE-2020-20799
    JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:69 | 回复:0
  • CVE-2021-33626
    CVE-2021-33626
    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Thi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:88 | 回复:0
  • CVE-2021-34352
    CVE-2021-34352
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:63 | 回复:0
  • CVE-2021-34354
    CVE-2021-34354
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:51 | 回复:0
  • CVE-2021-34355
    CVE-2021-34355
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alread ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:53 | 回复:0
  • CVE-2021-34356
    CVE-2021-34356
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:85 | 回复:0
  • CVE-2021-38675
    CVE-2021-38675
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:71 | 回复:0
  • CVE-2021-3626
    CVE-2021-3626
    The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:89 | 回复:0
  • CVE-2021-3709
    CVE-2021-3709
    Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:57 | 回复:0
  • CVE-2021-3710
    CVE-2021-3710
    An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions pr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:75 | 回复:0
  • CVE-2021-3747
    CVE-2021-3747
    The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:48 | 阅读:71 | 回复:0
  • CVE-2021-29832
    CVE-2021-29832
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:17 | 回复:0
  • CVE-2021-29833
    CVE-2021-29833
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:19 | 回复:0
  • CVE-2021-29904
    CVE-2021-29904
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:20 | 回复:0
  • CVE-2021-29905
    CVE-2021-29905
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:15 | 回复:0
  • CVE-2021-38870
    CVE-2021-38870
    IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:26 | 回复:0
  • CVE-2021-38877
    CVE-2021-38877
    IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:31 | 回复:0
  • CVE-2020-19949
    CVE-2020-19949
    A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:26 | 回复:0
  • CVE-2020-19950
    CVE-2020-19950
    A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:11 | 回复:0
  • CVE-2020-19951
    CVE-2020-19951
    A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:14 | 回复:0
  • CVE-2021-41088
    CVE-2021-41088
    Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows exec ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:20 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap