漏洞 - 第513页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2018-25022

The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2018-25021

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-44833

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-44515

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-41805

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-4097

phpservermon is vulnerable to Improper Neutralization of CRLF Sequences……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-4092

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-26340

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior insi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-12890

Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Enc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-4089

snipe-it is vulnerable to Improper Access Control……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-23700

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-23663

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-23639

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-23561

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-23463

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-31747

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-27984

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-27983

Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-38937

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted servic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-31746

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-31745

Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a passwo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-37935

An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LD ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-37934

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-36911

Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions = 1.0), could be exploited by users with Editor or higher role.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29214

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-3829

openwhyd is vulnerable to URL Redirection to Untrusted Site……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-40834

A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-37188

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-37187

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-35978

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-4084

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-4082

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-4081

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker control ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use N ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0