• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞CVE漏洞

CVE漏洞

RSS
  • CVE-2021-26919
    CVE-2021-26919
    Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:30 | 回复:0
  • CVE-2021-21628
    CVE-2021-21628
    Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/ ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:30 | 回复:0
  • CVE-2021-21629
    CVE-2021-21629
    A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:27 | 回复:0
  • CVE-2021-21630
    CVE-2021-21630
    Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers w ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:30 | 回复:0
  • CVE-2021-21631
    CVE-2021-21631
    Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view r ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:37 | 回复:0
  • CVE-2021-21632
    CVE-2021-21632
    A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials store ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:32 | 回复:0
  • CVE-2021-21633
    CVE-2021-21633
    A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in J ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:29 | 回复:0
  • CVE-2021-21634
    CVE-2021-21634
    Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:38 | 回复:0
  • CVE-2021-21635
    CVE-2021-21635
    Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by at ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:48 | 回复:0
  • CVE-2021-21636
    CVE-2021-21636
    A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:50 | 回复:0
  • CVE-2021-21637
    CVE-2021-21637
    A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified c ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:32 | 回复:0
  • CVE-2021-21638
    CVE-2021-21638
    A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credent ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:54 | 回复:0
  • CVE-2021-28935
    CVE-2021-28935
    CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin My Preferences Title field.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:61 | 回复:0
  • CVE-2021-29343
    CVE-2021-29343
    Ovidentia CMS 6.x contains a SQL injection vulnerability in the id parameter of index.php. The checkbox property into text data can be extracted and displayed in the text region or in source code.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:41 | 回复:0
  • CVE-2020-15075
    CVE-2020-15075
    OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:50 | 回复:0
  • CVE-2021-26810
    CVE-2021-26810
    D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:46 | 回复:0
  • CVE-2021-21409
    CVE-2021-21409
    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. In Netty (io.netty:netty-codec-http2) ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:43 | 回复:0
  • CVE-2021-23363
    CVE-2021-23363
    This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:25 | 回复:0
  • CVE-2021-27261
    CVE-2021-27261
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:24 | 回复:0
  • CVE-2021-27262
    CVE-2021-27262
    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:31 | 回复:0
  • CVE-2021-27263
    CVE-2021-27263
    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:44 | 回复:0
  • CVE-2021-27264
    CVE-2021-27264
    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:46 | 回复:0
  • CVE-2021-27265
    CVE-2021-27265
    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:41 | 回复:0
  • CVE-2021-27266
    CVE-2021-27266
    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:38 | 回复:0
  • CVE-2021-27267
    CVE-2021-27267
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:41 | 回复:0
  • CVE-2021-27268
    CVE-2021-27268
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:34 | 回复:0
  • CVE-2021-27269
    CVE-2021-27269
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:35 | 回复:0
  • CVE-2021-27270
    CVE-2021-27270
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:37 | 回复:0
  • CVE-2021-27271
    CVE-2021-27271
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:41 | 回复:0
  • CVE-2020-4848
    CVE-2020-4848
    IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293 ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:40 | 回复:0
  • CVE-2020-4884
    CVE-2020-4884
    IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:57 | 回复:0
  • CVE-2020-4944
    CVE-2020-4944
    IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. I ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:46 | 回复:0
  • CVE-2021-20482
    CVE-2021-20482
    IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:50 | 回复:0
  • CVE-2021-21398
    CVE-2021-21398
    PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fix ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:26 | 回复:0
  • CVE-2021-20352
    CVE-2021-20352
    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:36 | 回复:0
  • CVE-2021-20447
    CVE-2021-20447
    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:39 | 回复:0
  • CVE-2021-20502
    CVE-2021-20502
    IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informatio ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:42 | 回复:0
  • CVE-2021-20503
    CVE-2021-20503
    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:48 | 回复:0
  • CVE-2021-20504
    CVE-2021-20504
    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:41 | 回复:0
  • CVE-2021-20506
    CVE-2021-20506
    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:55 | 阅读:33 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap