
Vulnerabilities


  • CVE-2020-35210
    A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 42 | Replies: 0
  • CVE-2020-35209
    An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 30 | Replies: 0
  • CVE-2021-44317
    In Bus Pass Management System v1.0, parameters 'pagedes' and 'About Us' are affected with a Stored Cross-site scripting vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 41 | Replies: 0
  • CVE-2021-44315
    In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contain ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 37 | Replies: 0
  • CVE-2021-43837
    vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. W ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 31 | Replies: 0
  • CVE-2021-43812
    The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which exp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-42550
    In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing to execute arbitrary code loaded from ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 54 | Replies: 0
  • CVE-2021-41262
    Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with member privil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 61 | Replies: 0
  • CVE-2021-41261
    Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the prefe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 38 | Replies: 0
  • CVE-2021-41028
    A combination of a use of hard-coded cryptographic key vulnerability in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability in FortiClientWindows, Fo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 55 | Replies: 0
  • CVE-2021-38244
    A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 59 | Replies: 0
  • CVE-2021-37262
    JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 49 | Replies: 0
  • CVE-2021-41962
    Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 66 | Replies: 0
  • CVE-2021-41260
    Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 54 | Replies: 0
  • CVE-2021-42912
    FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 56 | Replies: 0
  • CVE-2021-3960
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 62 | Replies: 0
  • CVE-2021-3959
    A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-4124
    janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 32 | Replies: 0
  • CVE-2021-40835
    A URL address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL, if the user does not carefully pay attention to the URL, the user may be ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-4123
    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 40 | Replies: 0
  • CVE-2021-4121
    yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 35 | Replies: 0
  • CVE-2021-45102
    An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token sh ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 41 | Replies: 0
  • CVE-2021-45101
    An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 41 | Replies: 0
  • CVE-2021-45100
    The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 32 | Replies: 0
  • CVE-2021-45099
    ** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 38 | Replies: 0
  • CVE-2021-45098
    An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. Aft ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 36 | Replies: 0
  • CVE-2021-45097
    KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local us ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 35 | Replies: 0
  • CVE-2021-45096
    KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 41 | Replies: 0
  • CVE-2021-45095
    pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-45092
    Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 32 | Replies: 0
  • CVE-2021-45088
    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 38 | Replies: 0
  • CVE-2021-45087
    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 54 | Replies: 0
  • CVE-2021-45086
    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 51 | Replies: 0
  • CVE-2021-45085
    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 54 | Replies: 0
  • CVE-2021-44023
    A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 family of products could allow an attacker to abuse the PC Health Checkup feature of the product to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 48 | Replies: 0
  • CVE-2021-43834
    eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was cre ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 61 | Replies: 0
  • CVE-2021-43833
    eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by settin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 49 | Replies: 0
  • CVE-2021-45018
    Cross Site Scripting (XSS) vulnerability exists in Catfish =6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.html and then the .html file on the website that uses this editor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 52 | Replies: 0
  • CVE-2021-45017
    Cross Site Request Forgery (CSRF) vulnerability exists in Catfish =6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as y ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 37 | Replies: 0
  • CVE-2021-44350
    SQL Injection vulnerability exists in ThinkPHP5 5.0.x =5.1.22 via the parseOrder function in Builder.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 35 | Replies: 0
