
CVE Vulnerabilities

  • CVE-2020-28374
    In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 45 | Replies: 0
  • CVE-2020-36191
    JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 60 | Replies: 0
  • CVE-2020-35686
    The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolut ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 66 | Replies: 0
  • CVE-2020-5633
    Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controll ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 78 | Replies: 0
  • CVE-2020-5685
    UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted requ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 43 | Replies: 0
  • CVE-2020-5686
    Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 34 | Replies: 0
  • CVE-2021-20616
    Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 61 | Replies: 0
  • CVE-2021-21602
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 53 | Replies: 0
  • CVE-2021-21603
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 48 | Replies: 0
  • CVE-2021-21604
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantia ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 58 | Replies: 0
  • CVE-2021-21605
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 56 | Replies: 0
  • CVE-2021-21606
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 54 | Replies: 0
  • CVE-2021-21607
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 40 | Replies: 0
  • CVE-2021-21608
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 52 | Replies: 0
  • CVE-2021-21609
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URL ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 58 | Replies: 0
  • CVE-2021-21610
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 48 | Replies: 0
  • CVE-2021-21611
    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 61 | Replies: 0
  • CVE-2021-21612
    Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Je ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 47 | Replies: 0
  • CVE-2021-21613
    Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service respons ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 66 | Replies: 0
  • CVE-2021-21614
    Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 59 | Replies: 0
  • CVE-2021-23899
    OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 58 | Replies: 0
  • CVE-2021-23900
    OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 62 | Replies: 0
  • CVE-2021-3131
    The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 55 | Replies: 0
  • CVE-2021-3139
    In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write fil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 62 | Replies: 0
  • CVE-2020-15218
    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back b ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 35 | Replies: 0
  • CVE-2020-15219
    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 47 | Replies: 0
  • CVE-2020-15220
    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 57 | Replies: 0
  • CVE-2020-15221
    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 65 | Replies: 0
  • CVE-2020-35687
    PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 61 | Replies: 0
  • CVE-2021-3028
    git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 42 | Replies: 0
  • CVE-2019-4160
    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 53 | Replies: 0
  • CVE-2019-4687
    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server l ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 46 | Replies: 0
  • CVE-2019-4702
    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 41 | Replies: 0
  • CVE-2020-23653
    An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 53 | Replies: 0
  • CVE-2021-3031
    Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 52 | Replies: 0
  • CVE-2021-3032
    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 34 | Replies: 0
  • CVE-2020-26262
    Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 45 | Replies: 0
  • CVE-2020-4594
    IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 30 | Replies: 0
  • CVE-2020-4595
    IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 43 | Replies: 0
  • CVE-2020-4596
    IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 41 | Replies: 0
