CVE Vulnerabilities

  • CVE-2021-28694
    IOMMU page mapping issues on x86. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translatio ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 28 | Replies: 0
  • CVE-2021-28695
    IOMMU page mapping issues on x86. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translatio ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-28696
    IOMMU page mapping issues on x86. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translatio ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-28697
    Grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a g ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 24 | Replies: 0
  • CVE-2021-28698
    Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 25 | Replies: 0
  • CVE-2021-28699
    Inadequate grant-v2 status frames array bounds check. The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a resul ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 25 | Replies: 0
  • CVE-2021-28700
    xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-3264
    SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2020-18106
    The GET parameter id in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 22 | Replies: 0
  • CVE-2020-18114
    An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2020-18116
    A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-32759
    OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitization in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload a ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-39171
    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant s ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 19 | Replies: 0
  • CVE-2021-39172
    Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-39173
    Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arb ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 26 | Replies: 0
  • CVE-2021-39174
    Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv fi ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-38154
    Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address s ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-40172
    Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-40173
    Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-40174
    Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-40175
    Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-40176
    Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 9 | Replies: 0
  • CVE-2021-40177
    Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 9 | Replies: 0
  • CVE-2021-40178
    Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 6 | Replies: 0
  • CVE-2021-37749
    MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-36359
    OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFo ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-38385
    Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007 ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 10 | Replies: 0
  • CVE-2021-39271
    OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 8 | Replies: 0
  • CVE-2021-39272
    Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-26084
    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-39111
    The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or J ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-39113
    Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 30 | Replies: 0
  • CVE-2021-39117
    The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerab ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2020-15744
    Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 67 | Replies: 0
  • CVE-2021-25958
    In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leak out sensitive table info which may aid the attacker for further recon. ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-24437
    The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Script ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-24438
    The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute whe ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-24528
    The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMT ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 19 | Replies: 0
  • CVE-2021-24579
    The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PH ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 10 | Replies: 0
  • CVE-2021-24580
    The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in an SQL statement, leading to a SQL Injection issue.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:37 | Views: 7 | Replies: 0
