
CVE Vulnerabilities

  • CVE-2021-33675
    Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 17 | Replies: 0
  • CVE-2021-33679
    The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 29 | Replies: 0
  • CVE-2021-33685
    SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 30 | Replies: 0
  • CVE-2021-33686
    Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 16 | Replies: 0
  • CVE-2021-33688
    SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 11 | Replies: 0
  • CVE-2021-36581
    Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 8 | Replies: 0
  • CVE-2021-36582
    In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Te ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 10 | Replies: 0
  • CVE-2021-37531
    SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 23 | Replies: 0
  • CVE-2021-37532
    SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be rest ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 33 | Replies: 0
  • CVE-2021-37535
    SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 18 | Replies: 0
  • CVE-2021-38150
    When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 13 | Replies: 0
  • CVE-2021-38162
    SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 11 | Replies: 0
  • CVE-2021-38163
    SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and tri ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 6 | Replies: 0
  • CVE-2021-38164
    SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 14 | Replies: 0
  • CVE-2021-38174
    When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 14 | Replies: 0
  • CVE-2021-38175
    SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 9 | Replies: 0
  • CVE-2021-38176
    Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABA ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 13 | Replies: 0
  • CVE-2021-38177
    SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 11 | Replies: 0
  • CVE-2021-23048
    On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules comma ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 15 | Replies: 0
  • CVE-2021-23049
    On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Manage ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 11 | Replies: 0
  • CVE-2021-23050
    On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled polic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 21 | Replies: 0
  • CVE-2021-23051
    On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed reques ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 17 | Replies: 0
  • CVE-2021-23052
    On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthentic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 23 | Replies: 0
  • CVE-2021-23053
    On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 19 | Replies: 0
  • CVE-2021-20508
    IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 20 | Replies: 0
  • CVE-2021-20569
    IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 18 | Replies: 0
  • CVE-2021-20582
    IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 20 | Replies: 0
  • CVE-2021-23041
    On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 22 | Replies: 0
  • CVE-2021-23047
    On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verific ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 16 | Replies: 0
  • CVE-2021-29841
    IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 21 | Replies: 0
  • CVE-2021-23040
    On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 15 | Replies: 0
  • CVE-2021-23042
    On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclose ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 13 | Replies: 0
  • CVE-2021-23043
    On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that all ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 12 | Replies: 0
  • CVE-2021-23046
    On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 6 | Replies: 0
  • CVE-2020-21048
    An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 13 | Replies: 0
  • CVE-2020-21049
    An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 16 | Replies: 0
  • CVE-2020-21050
    Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 42 | Replies: 0
  • CVE-2020-21081
    A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 31 | Replies: 0
  • CVE-2020-21082
    A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 14 | Replies: 0
  • CVE-2021-23044
    On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compres ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:43 | Views: 29 | Replies: 0
