CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE-2021-36381

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：20 | 回复：0
CVE-2020-18982

Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：18 | 回复：0
CVE-2020-19037

Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：42 | 回复：0
CVE-2020-19038

File Deletion vulnerability in Halo 0.4.3 via delBackup.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：17 | 回复：0
CVE-2020-23079

SSRF vulnerability in Halo =1.3.2 exists in the SMTP configuration, which can detect the server intranet.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：14 | 回复：0
CVE-2021-32689

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：13 | 回复：0
CVE-2021-32707

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter fail ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：21 | 回复：0
CVE-2020-18544

SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the username parameter in the component chkuser.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：15 | 回复：0
CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：19 | 回复：0
CVE-2021-23401

This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slash ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2020-26763

The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：13 | 回复：0
CVE-2021-35331

** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：19 | 回复：0
CVE-2021-36158

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：7 | 回复：0
CVE-2021-32233

SmarterTools SmarterMail before Build 7776 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-24375

Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-24384

The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2021-24386

The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：10 | 回复：0
CVE-2021-24387

The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：17 | 回复：0
CVE-2021-24388

In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-24389

The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-24405

The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-24407

The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：36 | 回复：0
CVE-2021-24451

The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：20 | 回复：0
CVE-2021-24494

The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：16 | 回复：0
CVE-2021-27930

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：17 | 回复：0
CVE-2021-32559

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：20 | 回复：0
CVE-2021-31771

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：12 | 回复：0
CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 throug ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：7 | 回复：0
CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data avail ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：23 | 回复：0
CVE-2021-3598

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could caus ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-34190

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：21 | 回复：0
CVE-2020-22251

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：12 | 回复：0
CVE-2020-23697

Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：7 | 回复：0
CVE-2021-22226

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：16 | 回复：0
CVE-2021-22229

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：28 | 回复：0
CVE-2021-22232

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：8 | 回复：0