Vulnerabilities

Subcategories:

  • CVE-2022-23106
    Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a val ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2022-23105
    Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 14 | Replies: 0
  • CVE-2022-20621
    Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins contro ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 14 | Replies: 0
  • CVE-2022-20620
    Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 14 | Replies: 0
  • CVE-2022-20619
    A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specif ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 16 | Replies: 0
  • CVE-2022-20618
    A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenki ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 16 | Replies: 0
  • CVE-2022-20617
    Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permissi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-20616
    Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credentia ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-20615
    Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability explo ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 11 | Replies: 0
  • CVE-2022-20614
    A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specif ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 12 | Replies: 0
  • CVE-2022-20613
    A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specifie ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 12 | Replies: 0
  • CVE-2022-20612
    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 9 | Replies: 0
  • CVE-2021-46225
    A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2021-45449
    Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Des ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 14 | Replies: 0
  • CVE-2021-42559
    An issue was discovered in CALDERA 2.8.1. It contains multiple startup requirements that execute commands when starting the server. Because these commands can be changed via the REST API, an authentic ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 12 | Replies: 0
  • CVE-2021-42558
    An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 19 | Replies: 0
  • CVE-2021-41597
    SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 24 | Replies: 0
  • CVE-2022-21676
    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 28 | Replies: 0
  • CVE-2022-21675
    Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA Zip Slip). The vulnerabili ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 24 | Replies: 0
  • CVE-2021-43960
    ** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. T ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 25 | Replies: 0
  • CVE-2021-42562
    An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should on ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 47 | Replies: 0
  • CVE-2021-42561
    An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python os.system function. This allows attackers to use shell metacharacters (e.g. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 34 | Replies: 0
  • CVE-2021-42560
    An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded SVG parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be levera ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 38 | Replies: 0
  • CVE-2021-36417
    A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 62 | Replies: 0
  • CVE-2021-35500
    The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 159 | Replies: 0
  • CVE-2022-0015
    A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impa ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 45 | Replies: 0
  • CVE-2022-0014
    An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 77 | Replies: 0
  • CVE-2022-0013
    A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 44 | Replies: 0
  • CVE-2022-0012
    An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 30 | Replies: 0
  • CVE-2021-45445
    Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 30 | Replies: 0
  • CVE-2021-28377
    ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 24 | Replies: 0
  • CVE-2021-28376
    ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 20 | Replies: 0
  • CVE-2021-45411
    In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote cod ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 23 | Replies: 0
  • CVE-2021-45388
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-45608. Reason: This candidate is a reservation duplicate of CVE-2021-45608. Notes: All CVE users should reference CVE-2021-45608 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 22 | Replies: 0
  • CVE-2021-43436
    MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 23 | Replies: 0
  • CVE-2021-38892
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 28 | Replies: 0
  • CVE-2021-44652
    Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 29 | Replies: 0
  • CVE-2021-44651
    Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 36 | Replies: 0
  • CVE-2021-4080
    crater is vulnerable to Unrestricted Upload of File with Dangerous Type……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 69 | Replies: 0
  • CVE-2021-44650
    Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 34 | Replies: 0
