
Vulnerabilities

Subcategories:

  • CVE-2021-20320
    A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may le ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 8 | Replies: 0
  • CVE-2021-20315
    A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the Application menu or Window list GNOME extensions are enabled. This flaw allows a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 8 | Replies: 0
  • CVE-2020-8242
    Unsanitized user input in ExpressionEngine = 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 8 | Replies: 0
  • CVE-2020-25722
    Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 8 | Replies: 0
  • CVE-2020-25719
    A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 7 | Replies: 0
  • CVE-2020-25718
    A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 7 | Replies: 0
  • CVE-2020-25717
    A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 11 | Replies: 0
  • CVE-2016-2124
    A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2022-25323
    ZEROF Web Server 2.0 allows /admin.back XSS.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 15 | Replies: 0
  • CVE-2022-25322
    ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 15 | Replies: 0
  • CVE-2022-23647
    Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 20 | Replies: 0
  • CVE-2022-0666
    CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 28 | Replies: 0
  • CVE-2022-0664
    Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 21 | Replies: 0
  • CVE-2022-0631
    Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 17 | Replies: 0
  • CVE-2022-0451
    Dart SDK contains the HTTPClient in dart:io library which includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 17 | Replies: 0
  • CVE-2022-25299
    This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 17 | Replies: 0
  • CVE-2022-25298
    This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 18 | Replies: 0
  • CVE-2021-46372
    Scoold 1.47.2 is a QA/knowledge base platform written in Java. When writing a QA, the markdown editor is vulnerable to a XSS attack when using uppercase letters.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 18 | Replies: 0
  • CVE-2022-0660
    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 17 | Replies: 0
  • CVE-2020-8107
    A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bit ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2022-25321
    An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2022-25320
    An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2022-25319
    An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2022-25318
    An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2022-25317
    An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2022-25315
    In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 17 | Replies: 0
  • CVE-2022-25314
    In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 21 | Replies: 0
  • CVE-2022-25313
    In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 21 | Replies: 0
  • CVE-2021-46108
    D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 21 | Replies: 0
  • CVE-2022-22922
    TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 21 | Replies: 0
  • CVE-2021-41599
    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permis ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 27 | Replies: 0
  • CVE-2021-4120
    snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content inter ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 20 | Replies: 0
  • CVE-2021-44731
    A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 13 | Replies: 0
  • CVE-2021-44730
    snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binar ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 15 | Replies: 0
  • CVE-2021-3155
    snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been priv ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 15 | Replies: 0
  • CVE-2022-22916
    O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 11 | Replies: 0
  • CVE-2021-46319
    Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use \ or backticks to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 13 | Replies: 0
  • CVE-2021-46315
    Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2022-23646
    Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 13 | Replies: 0
  • CVE-2022-22914
    An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 13 | Replies: 0
