CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31910

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-31911

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2021-31912

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2021-31913

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2021-21990

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE-2021-32560

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2021-32561

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE-2020-20265

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE-2020-20267

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to inva ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2021-21648

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：24 | 回复：0
CVE-2021-21649

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2021-21650

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain informa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：26 | 回复：0
CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：24 | 回复：0
CVE-2021-21652

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2021-21653

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credenti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE-2021-21654

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：12 | 回复：0
CVE-2021-21655

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and pas ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：18 | 回复：0
CVE-2021-21656

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2021-27611

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-27612

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2021-27613

Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming outgoing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE-2021-27614

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：17 | 回复：0
CVE-2021-27616

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure tempo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：8 | 回复：0
CVE-2021-27617

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：10 | 回复：0
CVE-2021-27618

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-27619

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search res ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：17 | 回复：0
CVE-2021-29471

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 Push ru ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：10 | 回复：0
CVE-2021-31537

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parame ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：9 | 回复：0
CVE-2020-4535

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：8 | 回复：0
CVE-2020-4536

IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2021-29508

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information abo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：18 | 回复：0
CVE-2021-29509

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from hav ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：17 | 回复：0
CVE-2021-32573

** DISPUTED ** The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this would rely on an ad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：24 | 回复：0
CVE-2020-18964

Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2021-26418

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2021-26419

Scripting Engine Memory Corruption Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE-2021-26421

Skype for Business and Lync Spoofing Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-26422

Skype for Business and Lync Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：17 | 回复：0