• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

CVE漏洞

RSS
  • CVE-2021-37424
    CVE-2021-37424
    ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:27 | 回复:0
  • CVE-2021-37741
    CVE-2021-37741
    ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:13 | 回复:0
  • CVE-2021-41531
    CVE-2021-41531
    NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:10 | 回复:0
  • CVE-2021-41525
    CVE-2021-41525
    An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:9 | 回复:0
  • CVE-2021-29795
    CVE-2021-29795
    IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:32 | 回复:0
  • CVE-2021-29831
    CVE-2021-29831
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit thi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:23 | 回复:0
  • CVE-2021-23443
    CVE-2021-23443
    This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), e ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:25 | 回复:0
  • CVE-2021-23444
    CVE-2021-23444
    This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:10 | 回复:0
  • CVE-2021-39230
    CVE-2021-39230
    Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:5 | 回复:0
  • CVE-2021-40868
    CVE-2021-40868
    In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:8 | 回复:0
  • CVE-2021-40847
    CVE-2021-40847
    The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:30 | 回复:0
  • CVE-2021-41084
    CVE-2021-41084
    http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the f ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:23 | 回复:0
  • CVE-2020-19551
    CVE-2020-19551
    Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:7 | 回复:0
  • CVE-2020-19553
    CVE-2020-19553
    Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:12 | 回复:0
  • CVE-2020-19554
    CVE-2020-19554
    Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:5 | 回复:0
  • CVE-2020-35540
    CVE-2020-35540
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:9 | 回复:0
  • CVE-2020-35541
    CVE-2020-35541
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:19 | 回复:0
  • CVE-2021-41086
    CVE-2021-41086
    jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulner ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:12 | 回复:0
  • CVE-2021-41087
    CVE-2021-41087
    in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:16 | 回复:0
  • CVE-2020-23266
    CVE-2020-23266
    An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:33 | 回复:0
  • CVE-2020-23267
    CVE-2020-23267
    An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted me ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:27 | 回复:0
  • CVE-2020-23269
    CVE-2020-23269
    An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:12 | 回复:0
  • CVE-2020-23273
    CVE-2020-23273
    Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:16 | 回复:0
  • CVE-2021-41382
    CVE-2021-41382
    Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:17 | 回复:0
  • CVE-2021-31819
    CVE-2021-31819
    In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:6 | 回复:0
  • CVE-2021-38112
    CVE-2021-38112
    In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (C ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:14 | 回复:0
  • CVE-2021-38153
    CVE-2021-38153
    Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:9 | 回复:0
  • CVE-2021-39339
    CVE-2021-39339
    The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. Th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:11 | 回复:0
  • CVE-2021-3583
    CVE-2021-3583
    A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi- ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:22 | 回复:0
  • CVE-2021-36260
    CVE-2021-36260
    A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:33 | 回复:0
  • CVE-2021-39404
    CVE-2021-39404
    MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:9 | 回复:0
  • CVE-2021-31836
    CVE-2021-31836
    Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:22 | 回复:0
  • CVE-2021-31841
    CVE-2021-31841
    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific loca ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:8 | 回复:0
  • CVE-2021-31847
    CVE-2021-31847
    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:7 | 回复:0
  • CVE-2021-37925
    CVE-2021-37925
    Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:6 | 回复:0
  • CVE-2021-37927
    CVE-2021-37927
    Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:8 | 回复:0
  • CVE-2021-40875
    CVE-2021-40875
    Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail applic ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:7 | 回复:0
  • CVE-2021-41011
    CVE-2021-41011
    LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a se ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:15 | 回复:0
  • CVE-2019-6288
    CVE-2019-6288
    Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:17 | 回复:0
  • CVE-2021-37860
    CVE-2021-37860
    Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the d ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:46 | 阅读:17 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap