漏洞 - 第514页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-43802

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Eth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-43982

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-37861

Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-4033

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-44514

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-43608

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take pl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：4 | 回复：0
CVE漏洞

CVE-2021-43797

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. Netty prior to version 4.1.71.Final skips control ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-19683

A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-19682

A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-43703

An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-41265

Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-40282

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-40281

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sens ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-38951

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-38931

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-22568

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-20373

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-4038

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via sp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-41697

A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-41696

An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-41695

An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. .……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-41694

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-41246

Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cooki ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-40280

An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-33098

Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-33097

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-33073

Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local acces ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-33071

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-33063

Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-33062

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via lo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-33059

Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-33058

Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-0200

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-0199

Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local acces ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-0198

Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-0197

Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-0186

Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:35 | 阅读：19 | 回复：0