
CVE Vulnerabilities

  • CVE-2020-27817
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 51 | Replies: 0
  • CVE-2021-21324
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Dir ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2021-21325
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 58 | Replies: 0
  • CVE-2021-21326
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 64 | Replies: 0
  • CVE-2021-21327
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 68 | Replies: 0
  • CVE-2020-4695
    IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data lead ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 32 | Replies: 0
  • CVE-2020-4903
    IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 44 | Replies: 0
  • CVE-2020-5014
    IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID: 1932 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 53 | Replies: 0
  • CVE-2021-21329
    RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 40 | Replies: 0
  • CVE-2021-21354
    Pollbot is open source software which frees its human masters from the toilsome task of polling for the state of things during the Firefox release process. In Pollbot before version 1.4.4 there is an ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 30 | Replies: 0
  • CVE-2021-21362
    MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to by ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 47 | Replies: 0
  • CVE-2020-27574
    Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2021-21335
    In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-ht ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 56 | Replies: 0
  • CVE-2021-21336
    Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 50 | Replies: 0
  • CVE-2021-21337
    Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A malicious ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 61 | Replies: 0
  • CVE-2021-22134
    A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 59 | Replies: 0
  • CVE-2020-27575
    Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form con ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 60 | Replies: 0
  • CVE-2020-27576
    Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cro ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 52 | Replies: 0
  • CVE-2020-27838
    A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 56 | Replies: 0
  • CVE-2021-21503
    PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges esca ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 51 | Replies: 0
  • CVE-2021-21506
    PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An unauthenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potenti ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 35 | Replies: 0
  • CVE-2021-21510
    Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ he ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 43 | Replies: 0
  • CVE-2021-21360
    Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information dis ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 50 | Replies: 0
  • CVE-2021-21361
    The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in p ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 47 | Replies: 0
  • CVE-2021-24033
    react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 51 | Replies: 0
  • CVE-2021-20272
    A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 41 | Replies: 0
  • CVE-2021-20273
    A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 44 | Replies: 0
  • CVE-2021-20274
    A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 43 | Replies: 0
  • CVE-2021-20275
    A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 35 | Replies: 0
  • CVE-2021-20276
    A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 38 | Replies: 0
  • CVE-2021-28006
    Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 51 | Replies: 0
  • CVE-2021-20341
    IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 54 | Replies: 0
  • CVE-2021-21480
    SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 45 | Replies: 0
  • CVE-2021-21481
    The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access con ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2021-21484
    LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 48 | Replies: 0
  • CVE-2021-21486
    SAP Enterprise Financial Services versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 do not perform necessary authorization checks for an authenticated user, resulting i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2021-21487
    SAP Payment Engine version 500 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 59 | Replies: 0
  • CVE-2021-21488
    Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserializ ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 59 | Replies: 0
  • CVE-2021-21493
    When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporar ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 55 | Replies: 0
  • CVE-2021-25915
    Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 41 | Replies: 0
