
CVE Vulnerabilities

  • CVE-2021-24392
    An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 20 | Replies: 0
  • CVE-2021-24393
    A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 23 | Replies: 0
  • CVE-2021-24394
    An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 23 | Replies: 0
  • CVE-2021-24395
    The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 19 | Replies: 0
  • CVE-2021-24435
    The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected C ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 8 | Replies: 0
  • CVE-2021-24513
    The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 18 | Replies: 0
  • CVE-2021-24517
    The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scrip ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 7 | Replies: 0
  • CVE-2021-24568
    The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cros ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 12 | Replies: 0
  • CVE-2021-24588
    The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 7 | Replies: 0
  • CVE-2021-24590
    The Cookie Notice Consent Banner for GDPR CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design custom ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 5 | Replies: 0
  • CVE-2021-24591
    The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is d ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 9 | Replies: 0
  • CVE-2021-24599
    The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escapi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 7 | Replies: 0
  • CVE-2021-24601
    The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 11 | Replies: 0
  • CVE-2021-24603
    The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 9 | Replies: 0
  • CVE-2021-24611
    The Keyword Meta WordPress plugin through 3.0 does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 20 | Replies: 0
  • CVE-2021-25735
    A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 9 | Replies: 0
  • CVE-2021-25737
    A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or l ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 16 | Replies: 0
  • CVE-2021-32568
    mrdoc is vulnerable to Deserialization of Untrusted Data
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 21 | Replies: 0
  • CVE-2021-36744
    Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of ser ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 27 | Replies: 0
  • CVE-2021-37701
    The npm package tar (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any fil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 25 | Replies: 0
  • CVE-2021-37712
    The npm package tar (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any fi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 14 | Replies: 0
  • CVE-2021-37713
    The npm package tar (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any fi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 18 | Replies: 0
  • CVE-2021-39134
    `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 16 | Replies: 0
  • CVE-2021-39135
    `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 26 | Replies: 0
  • CVE-2021-39164
    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 16 | Replies: 0
  • CVE-2021-3634
    A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other sessi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 26 | Replies: 0
  • CVE-2021-27668
    HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 51 | Replies: 0
  • CVE-2021-36231
    Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 51 | Replies: 0
  • CVE-2021-36232
    Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 65 | Replies: 0
  • CVE-2021-36233
    The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 39 | Replies: 0
  • CVE-2021-36234
    Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 32 | Replies: 0
  • CVE-2021-37794
    A stored cross-site scripting (XSS) vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If thi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 64 | Replies: 0
  • CVE-2021-39176
    detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in de ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 53 | Replies: 0
  • CVE-2021-39180
    OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 27 | Replies: 0
  • CVE-2021-40085
    An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 49 | Replies: 0
  • CVE-2021-22029
    VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 66 | Replies: 0
  • CVE-2021-22002
    VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 71 | Replies: 0
  • CVE-2021-22003
    VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 65 | Replies: 0
  • CVE-2020-20486
    IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 76 | Replies: 0
  • CVE-2020-20490
    A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS).
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 56 | Replies: 0
