CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-23398

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：16 | 回复：0
CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The set method of the Controller class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：30 | 回复：0
CVE-2020-18662

SQL Injection vulnerability in gnuboard5 =v5.3.2.8 via the table_prefix parameter in install_db.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2020-18663

Cross Site Scripting (XSS) vulnerability in gnuboard5 =v5.3.2.8 via the act parameter in bbs/move_update.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：13 | 回复：0
CVE-2020-18664

Cross Site Scripting (XSS) vulnerability in WebPort =1.19.1via the connection name parameter in type-conn.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：14 | 回复：0
CVE-2020-18665

Directory Traversal vulnerability in WebPort =1.19.1 in tags of system settings.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：16 | 回复：0
CVE-2020-18666

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-18664. Reason: This candidate is a duplicate of CVE-2020-18664. Notes: All CVE users should reference CVE-2020-18664 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：9 | 回复：0
CVE-2020-21783

In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：10 | 回复：0
CVE-2020-21784

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：10 | 回复：0
CVE-2020-21785

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：13 | 回复：0
CVE-2020-21786

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：7 | 回复：0
CVE-2021-31649

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：15 | 回复：0
CVE-2021-32704

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：6 | 回复：0
CVE-2021-33346

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：10 | 回复：0
CVE-2020-18667

SQL Injection vulnerability in WebPort =1.19.1 via the new connection, parameter name in type-conn.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：14 | 回复：0
CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：6 | 回复：0
CVE-2021-21572

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：16 | 回复：0
CVE-2021-21573

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2021-21574

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：16 | 回复：0
CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：18 | 回复：0
CVE-2020-18668

Cross Site Scripting (XSS) vulnerabililty in WebPort =1.19.1 via the description parameter to script/listcalls.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：23 | 回复：0
CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI De ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2021-33002

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：19 | 回复：0
CVE-2021-33004

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：38 | 回复：0
CVE-2020-18670

Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：32 | 回复：0
CVE-2020-18671

Cross Site Scripting (XSS) vulnerability in Roundcube Mail =1.4.4 via smtp config in /installer/test.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2020-4885

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：171 | 回复：0
CVE-2020-4945

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：30 | 回复：0
CVE-2021-20579

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：32 | 回复：0
CVE-2021-29703

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：36 | 回复：0
CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE-2021-32490

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-32491

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：35 | 回复：0
CVE-2021-32492

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：22 | 回复：0
CVE-2021-32709

Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-3500

A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE-2020-17752

Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc832 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2020-17753

An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：44 | 回复：0
CVE-2020-17759

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：27 | 回复：0