漏洞 - 第469页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-44874

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-43839

Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-43587

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to ga ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-36350

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-36341

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-36337

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-36336

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-36318

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-36317

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of cer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-36316

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-45091

Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-45090

Stormshield Endpoint Security before 2.1.2 allows remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-45089

Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：12 | 回复：0
CVE漏洞

CVE-2012-20001

PrestaShop before 1.5.2 allows XSS via the object data='data:text/html substring in the message field.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-4139

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-45253

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-45252

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-24956

The Blog2Social: Social Media Auto Post Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Refle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24941

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-24907

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-24849

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-24846

The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-24750

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which cou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-24738

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the Logo Margin carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24578

The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-45451

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-45450

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-43842

Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.j ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-3709

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-3708

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-3707

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-3706

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-3705

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-3697

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-3695

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-3682

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-3631

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:43 | 阅读：21 | 回复：0