Vulnerabilities

Subcategories:

  • CVE-2022-22820
    Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Window ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 47 | Replies: 0
  • CVE-2022-0282
    Code Injection in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 38 | Replies: 0
  • CVE-2021-34600
    Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total l ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 76 | Replies: 0
  • CVE-2022-22733
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 110 | Replies: 0
  • CVE-2022-0281
    Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 135 | Replies: 0
  • CVE-2021-45230
    In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has can_create permissions on DAG Runs can create Dag Runs for dags that they don't have edit permissions for ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 109 | Replies: 0
  • CVE-2021-3866
    Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 77 | Replies: 0
  • CVE-2022-0278
    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 70 | Replies: 0
  • CVE-2022-0277
    Improper Access Control in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 51 | Replies: 0
  • CVE-2021-43269
    In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 50 | Replies: 0
  • CVE-2021-46028
    In mblog = 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 82 | Replies: 0
  • CVE-2021-46026
    mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 43 | Replies: 0
  • CVE-2022-21704
    log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could ca ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 48 | Replies: 0
  • CVE-2021-4143
    Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 58 | Replies: 0
  • CVE-2021-46027
    mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 49 | Replies: 0
  • CVE-2021-46025
    A Cross Site Scripting (XSS) vulnerability exists in OneBlog = 2.2.8. via the add function in the operation tab list in the background.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 43 | Replies: 0
  • CVE-2022-21701
    Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gate ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 55 | Replies: 0
  • CVE-2022-21699
    IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 40 | Replies: 0
  • CVE-2022-21679
    Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or r ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 46 | Replies: 0
  • CVE-2022-23046
    PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the subnet parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 35 | Replies: 0
  • CVE-2022-23045
    PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the Site title parameter while updating the site settings. The Site title setting is injected in several l ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 35 | Replies: 0
  • CVE-2021-44777
    Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions = 5.2.6).……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 28 | Replies: 0
  • CVE-2021-3816
    Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via Copy method at user_group_admin.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 25 | Replies: 0
  • CVE-2021-26247
    As an unauthenticated remote user, visit http://CACTI_SERVER/auth_changepassword.php?ref=scriptalert(1)/script to successfully execute the JavaScript payload present in the ref URL parameter.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 22 | Replies: 0
  • CVE-2021-23843
    The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certain settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 40 | Replies: 0
  • CVE-2021-23842
    Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic betw ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 36 | Replies: 0
  • CVE-2021-23225
    Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the new_username field during creation of a new user via Copy method at user_admin.ph ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 33 | Replies: 0
  • CVE-2022-22769
    The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO E ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 32 | Replies: 0
  • CVE-2022-0243
    Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 35 | Replies: 0
  • CVE-2021-38789
    Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 43 | Replies: 0
  • CVE-2022-0274
    Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 42 | Replies: 0
  • CVE-2021-46204
    Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 62 | Replies: 0
  • CVE-2021-46203
    Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 127 | Replies: 0
  • CVE-2021-44299
    A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted pay ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 57 | Replies: 0
  • CVE-2021-42810
    A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 65 | Replies: 0
  • CVE-2021-33913
    libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 47 | Replies: 0
  • CVE-2021-33912
    libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 41 | Replies: 0
  • CVE-2022-23221
    H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a dif ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 139 | Replies: 0
  • CVE-2022-22310
    IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 34 | Replies: 0
  • CVE-2021-38788
    The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of application ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:08 | Views: 29 | Replies: 0
