• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞CVE漏洞

CVE漏洞

RSS
  • CVE-2020-27239
    CVE-2020-27239
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:28 | 回复:0
  • CVE-2020-28592
    CVE-2020-28592
    A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote c ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:13 | 回复:0
  • CVE-2020-28593
    CVE-2020-28593
    A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:12 | 回复:0
  • CVE-2021-21087
    CVE-2021-21087
    Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:11 | 回复:0
  • CVE-2021-21091
    CVE-2021-21091
    Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vul ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:7 | 回复:0
  • CVE-2021-21092
    CVE-2021-21092
    Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:29 | 回复:0
  • CVE-2021-21093
    CVE-2021-21093
    Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:17 | 回复:0
  • CVE-2021-21094
    CVE-2021-21094
    Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. An unauthenticated attacker could levera ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:6 | 回复:0
  • CVE-2021-21095
    CVE-2021-21095
    Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vu ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:10 | 回复:0
  • CVE-2021-21096
    CVE-2021-21096
    Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:8 | 回复:0
  • CVE-2021-21100
    CVE-2021-21100
    Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to ach ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:6 | 回复:0
  • CVE-2021-27672
    CVE-2021-27672
    SQL Injection in the admin_boxes.ajax.php component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the cID par ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:6 | 回复:0
  • CVE-2021-27673
    CVE-2021-27673
    Cross Site Scripting (XSS) in the admin_boxes.ajax.php component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the cID par ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:13 | 回复:0
  • CVE-2021-28242
    CVE-2021-28242
    SQL Injection in the evoadm.php component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the cf_name parameter when creati ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:16 | 回复:0
  • CVE-2021-28548
    CVE-2021-28548
    Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could levera ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:14 | 回复:0
  • CVE-2021-28549
    CVE-2021-28549
    Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could levera ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:20 | 回复:0
  • CVE-2021-30209
    CVE-2021-30209
    Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:14 | 回复:0
  • CVE-2021-3487
    CVE-2021-3487
    There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:11 | 回复:0
  • CVE-2021-20288
    CVE-2021-20288
    An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker w ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:8 | 回复:0
  • CVE-2021-31229
    CVE-2021-31229
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:21 | 回复:0
  • CVE-2021-27112
    CVE-2021-27112
    LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:10 | 回复:0
  • CVE-2021-29448
    CVE-2021-29448
    Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the netw ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:6 | 回复:0
  • CVE-2021-30138
    CVE-2021-30138
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:8 | 回复:0
  • CVE-2021-3243
    CVE-2021-3243
    Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an att ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:15 | 回复:0
  • CVE-2021-26582
    CVE-2021-26582
    A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:14 | 回复:0
  • CVE-2021-29433
    CVE-2021-29433
    Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause exces ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:7 | 回复:0
  • CVE-2020-28898
    CVE-2020-28898
    In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:12 | 回复:0
  • CVE-2021-28055
    CVE-2021-28055
    An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:12 | 回复:0
  • CVE-2021-31402
    CVE-2021-31402
    The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:9 | 回复:0
  • CVE-2021-30245
    CVE-2021-30245
    The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:10 | 回复:0
  • CVE-2021-29430
    CVE-2021-29430
    Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to m ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:16 | 回复:0
  • CVE-2021-29431
    CVE-2021-29431
    Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:17 | 回复:0
  • CVE-2021-29432
    CVE-2021-29432
    Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:25 | 回复:0
  • CVE-2021-29447
    CVE-2021-29447
    Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installa ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:17 | 回复:0
  • CVE-2021-21405
    CVE-2021-21405
    Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: serialized, a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:15 | 回复:0
  • CVE-2021-29450
    CVE-2021-29450
    Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. Thi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:14 | 回复:0
  • CVE-2021-27691
    CVE-2021-27691
    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_ ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:15 | 回复:0
  • CVE-2021-27692
    CVE-2021-27692
    Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/umountUSB ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:36 | 回复:0
  • CVE-2018-19942
    CVE-2018-19942
    A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alre ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:63 | 回复:0
  • CVE-2021-26073
    CVE-2021-26073
    Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication bet ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:35 | 阅读:37 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap