
CVE Vulnerabilities

  • CVE-2020-29493
    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 25 | Replies: 0
  • CVE-2020-29494
    Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 20 | Replies: 0
  • CVE-2020-29495
    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, le ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 32 | Replies: 0
  • CVE-2020-6572
    Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 32 | Replies: 0
  • CVE-2020-27219
    In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 41 | Replies: 0
  • CVE-2020-27220
    The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command control messages when it has subscribed only to commands for a s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 42 | Replies: 0
  • CVE-2020-35581
    A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the me ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 63 | Replies: 0
  • CVE-2020-35582
    A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_tit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 27 | Replies: 0
  • CVE-2021-23835
    An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 31 | Replies: 0
  • CVE-2021-23836
    An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 39 | Replies: 0
  • CVE-2021-23837
    An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected param ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 35 | Replies: 0
  • CVE-2021-23838
    An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 50 | Replies: 0
  • CVE-2019-16961
    SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 52 | Replies: 0
  • CVE-2020-35733
    An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 41 | Replies: 0
  • CVE-2021-20189
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 38 | Replies: 0
  • CVE-2020-26414
    An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the leng ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 37 | Replies: 0
  • CVE-2021-22166
    An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 48 | Replies: 0
  • CVE-2021-22167
    An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 38 | Replies: 0
  • CVE-2021-22168
    A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 37 | Replies: 0
  • CVE-2021-22171
    Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 35 | Replies: 0
  • CVE-2020-35748
    Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web scr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 27 | Replies: 0
  • CVE-2020-35749
    Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files v ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 28 | Replies: 0
  • CVE-2020-16255
    ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 35 | Replies: 0
  • CVE-2021-0202
    On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 36 | Replies: 0
  • CVE-2021-0203
    On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take effect when it reaches the threshold co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 27 | Replies: 0
  • CVE-2021-0204
    A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read d ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 30 | Replies: 0
  • CVE-2021-0205
    When the Intrusion Detection Service (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the pref ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 33 | Replies: 0
  • CVE-2021-0206
    A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denia ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 38 | Replies: 0
  • CVE-2021-0207
    An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon rece ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 38 | Replies: 0
  • CVE-2020-24841
    PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or explo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 31 | Replies: 0
  • CVE-2020-25340
    An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 24 | Replies: 0
  • CVE-2021-25648
    Mobile application Testes de Codigo 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters isAdmin and isPre ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 26 | Replies: 0
  • CVE-2021-27232
    The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potential ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 29 | Replies: 0
  • CVE-2020-29022
    Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 22 | Replies: 0
  • CVE-2020-29023
    Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 33 | Replies: 0
  • CVE-2020-29024
    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 12 | Replies: 0
  • CVE-2020-29025
    A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 11 | Replies: 0
  • CVE-2020-29027
    Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 17 | Replies: 0
  • CVE-2020-35557
    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.2. Improper use of access validation allows a logged in user to see devices in the account ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 17 | Replies: 0
  • CVE-2020-35558
    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some info ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:44 | Views: 15 | Replies: 0
