
Vulnerabilities

Subcategories:

  • CVE-2021-31589
    A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, sp ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2020-15933
    A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to ob ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2021-22567
    Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 14 | Replies: 0
  • CVE-2021-43946
    Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /se ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 14 | Replies: 0
  • CVE-2021-45452
    Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 15 | Replies: 0
  • CVE-2021-45116
    An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filt ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 17 | Replies: 0
  • CVE-2021-45115
    An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 18 | Replies: 0
  • CVE-2021-41388
    Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 19 | Replies: 0
  • CVE-2021-22045
    VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device e ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 24 | Replies: 0
  • CVE-2022-21650
    Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 25 | Replies: 0
  • CVE-2022-21649
    Convos is an open source multi-user chat that runs in a web browser. Characters starting with https:// in the chat window create an a tag. Stored XSS vulnerability using onfocus and autofocus occurs b ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 22 | Replies: 0
  • CVE-2022-21648
    Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injecti ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 14 | Replies: 0
  • CVE-2022-21647
    CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary obj ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 15 | Replies: 0
  • CVE-2022-21644
    USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used dire ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 15 | Replies: 0
  • CVE-2022-21643
    USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2021-43852
    OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototy ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 10 | Replies: 0
  • CVE-2021-43850
    Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vul ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 11 | Replies: 0
  • CVE-2021-43832
    Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation execution. This lets an arbitrary user with access to the gate end ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 9 | Replies: 0
  • CVE-2021-43677
    Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 6 | Replies: 0
  • CVE-2021-41610
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-27339. Reason: This candidate is a reservation duplicate of CVE-2020-27339. Notes: All CVE users should reference CVE-2020-27339 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 8 | Replies: 0
  • CVE-2021-41236
    OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to cr ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 10 | Replies: 0
  • CVE-2021-41141
    PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 10 | Replies: 0
  • CVE-2021-24042
    The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsA ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 10 | Replies: 0
  • CVE-2022-0086
    uppy is vulnerable to Server-Side Request Forgery (SSRF)……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 11 | Replies: 0
  • CVE-2021-39143
    Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract f ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 11 | Replies: 0
  • CVE-2021-3845
    ws-scrcpy is vulnerable to External Control of File Name or Path……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 12 | Replies: 0
  • CVE-2022-20023
    In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution pr ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 16 | Replies: 0
  • CVE-2022-20022
    In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 27 | Replies: 0
  • CVE-2022-20021
    In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetoot ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 18 | Replies: 0
  • CVE-2022-20020
    In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interact ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 17 | Replies: 0
  • CVE-2022-20019
    In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 18 | Replies: 0
  • CVE-2022-20018
    In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 16 | Replies: 0
  • CVE-2022-20016
    In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed f ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 17 | Replies: 0
  • CVE-2022-20015
    In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 16 | Replies: 0
  • CVE-2022-20014
    In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 19 | Replies: 0
  • CVE-2022-20013
    In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed f ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 18 | Replies: 0
  • CVE-2022-20012
    In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 19 | Replies: 0
  • CVE-2021-45912
    An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 18 | Replies: 0
  • CVE-2021-45389
    StarWind SAN NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to byp ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 20 | Replies: 0
  • CVE-2021-41789
    In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:58 | Views: 18 | Replies: 0
