
Vulnerabilities

Subcategories:

  • CVE-2021-44223
    WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 82 | Replies: 0
  • CVE-2021-44219
    Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 23 | Replies: 0
  • CVE-2021-43778
    Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-41270
    Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 befo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 12 | Replies: 0
  • CVE-2021-41268
    Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 15 | Replies: 0
  • CVE-2021-41267
    Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the trusted_headers al ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 13 | Replies: 0
  • CVE-2021-22957
    A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with mal ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 12 | Replies: 0
  • CVE-2021-43268
    An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 21 | Replies: 0
  • CVE-2021-38873
    IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 33 | Replies: 0
  • CVE-2021-36917
    WordPress Hide My WP plugin (versions = 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 15 | Replies: 0
  • CVE-2021-36916
    The SQL injection vulnerability in the Hide My WP WordPress plugin (versions = 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function hmwp_get_user_ip ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-34424
    A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 27 | Replies: 0
  • CVE-2021-34423
    A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-22049
    The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 15 | Replies: 0
  • CVE-2021-21980
    The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain acces ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 16 | Replies: 0
  • CVE-2021-43780
    Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 56 | Replies: 0
  • CVE-2021-43777
    Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 16 | Replies: 0
  • CVE-2021-41192
    Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 40 | Replies: 0
  • CVE-2021-3554
    Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-3553
    A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 15 | Replies: 0
  • CVE-2021-3552
    A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 14 | Replies: 0
  • CVE-2021-32037
    An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and spe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 31 | Replies: 0
  • CVE-2021-31822
    When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the syste ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 21 | Replies: 0
  • CVE-2021-20850
    PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 25 | Replies: 0
  • CVE-2021-20848
    Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-20846
    Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 15 | Replies: 0
  • CVE-2021-20845
    Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary op ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 21 | Replies: 0
  • CVE-2021-20844
    Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 20 | Replies: 0
  • CVE-2021-36780
    An Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a repl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 38 | Replies: 0
  • CVE-2021-36779
    An Improper Access Control vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Lon ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 36 | Replies: 0
  • CVE-2021-45038
    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 45 | Replies: 0
  • CVE-2021-44857
    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arb ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 63 | Replies: 0
  • CVE-2021-41843
    An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as d ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 33 | Replies: 0
  • CVE-2021-3179
    GGLocker iOS application contains an insecure data storage of the password hash value which results in an authentication bypass.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-26800
    Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 52 | Replies: 0
  • CVE-2020-35216
    An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 52 | Replies: 0
  • CVE-2020-35215
    An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 29 | Replies: 0
  • CVE-2020-35214
    An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 36 | Replies: 0
  • CVE-2020-35213
    An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 34 | Replies: 0
  • CVE-2020-35211
    An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 27 | Replies: 0
