CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-24862

The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE-2020-25362

The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：25 | 回复：0
CVE-2021-30474

aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a pay ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：16 | 回复：0
CVE-2020-22054

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE-2020-22056

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：20 | 回复：0
CVE-2021-32625

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST AP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE-2020-4732

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE-2020-4977

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0
CVE-2020-5030

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：26 | 回复：0
CVE-2021-20338

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：18 | 回复：0
CVE-2021-20343

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE-2021-20345

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：30 | 回复：0
CVE-2021-20346

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE-2021-20347

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：17 | 回复：0
CVE-2021-20348

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE-2021-20371

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in furth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE-2021-29668

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：20 | 回复：0
CVE-2021-29670

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE-2020-35441

FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE-2020-35442

FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE-2021-28806

A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Syste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE-2021-28807

A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE-2021-28812

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE-2021-33805

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10906. Reason: This candidate is a duplicate of CVE-2018-10906. Notes: All CVE users should reference CVE-2018-10906 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：25 | 回复：0
CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE-2021-22130

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：39 | 回复：0
CVE-2021-26584

A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE-2021-28847

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE-2021-31830

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScrip ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：18 | 回复：0
CVE-2021-28848

Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowText ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：30 | 回复：0
CVE-2021-33806

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0
CVE-2021-32926

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：16 | 回复：0
CVE-2020-21003

Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：17 | 回复：0
CVE-2021-20380

IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：32 | 回复：0
CVE-2021-24023

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the diagnose command.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：24 | 回复：0