CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-26885

An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：5 | 回复：0
CVE-2021-28382

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：8 | 回复：0
CVE-2020-36383

PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2020-36384

PageLayer before 1.3.5 allows reflected XSS via color settings.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：20 | 回复：0
CVE-2021-24336

The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and admini ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2021-24337

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：25 | 回复：0
CVE-2021-24340

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：39 | 回复：0
CVE-2021-24342

The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scrip ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：29 | 回复：0
CVE-2021-24343

The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：23 | 回复：0
CVE-2021-24344

The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：17 | 回复：0
CVE-2020-36385

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：32 | 回复：0
CVE-2021-29099

A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：36 | 回复：0
CVE-2021-33904

** DISPUTED ** In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states there are configurable security flags and we are u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0
CVE-2021-22222

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：35 | 回复：0
CVE-2020-5008

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-20517

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：22 | 回复：0
CVE-2021-20698

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：22 | 回复：0
CVE-2021-20699

Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0
CVE-2020-1719

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0
CVE-2020-18264

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component Simple-Log/admin/admin.php?act=act_edit_member.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：11 | 回复：0
CVE-2020-18265

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component Simple-Log/admin/admin.php?act=act_add_member.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：18 | 回复：0
CVE-2020-18268

Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the redirect parameter in the component zb_system/cmd.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：23 | 回复：0
CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2018-25015

An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：33 | 回复：0
CVE-2020-1690

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2020-1742

An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and esc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：41 | 回复：0
CVE-2020-36386

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：33 | 回复：0
CVE-2020-36387

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：31 | 回复：0
CVE-2021-30521

Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：40 | 回复：0
CVE-2021-30522

Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：19 | 回复：0
CVE-2021-30523

Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：39 | 回复：0
CVE-2021-30524

Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：30 | 回复：0
CVE-2021-30525

Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：30 | 回复：0
CVE-2021-30526

Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：29 | 回复：0
CVE-2021-30527

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：20 | 回复：0
CVE-2021-30528

Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-30529

Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：19 | 回复：0
CVE-2021-30530

Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：18 | 回复：0