
Vulnerabilities


Subcategories:

  • CVE-2021-29243
    Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
  • CVE-2021-41772
    Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 22 | Replies: 0
  • CVE-2021-41771
    ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 23 | Replies: 0
  • CVE-2021-42372
    A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 5 | Replies: 0
  • CVE-2021-42371
    lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 12 | Replies: 0
  • CVE-2021-42370
    A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passw ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 16 | Replies: 0
  • CVE-2021-42078
    PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in mul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 23 | Replies: 0
  • CVE-2021-42077
    PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-42076
    An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP mess ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-42075
    An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An un ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 16 | Replies: 0
  • CVE-2021-42074
    An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 35 | Replies: 0
  • CVE-2021-42073
    An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 4 | Replies: 0
  • CVE-2021-42072
    An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 17 | Replies: 0
  • CVE-2021-34685
    UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 7 | Replies: 0
  • CVE-2021-34684
    Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 6 | Replies: 0
  • CVE-2021-31602
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 4 | Replies: 0
  • CVE-2021-31601
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-31600
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 19 | Replies: 0
  • CVE-2021-31599
    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the produc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 23 | Replies: 0
  • CVE-2021-43414
    An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privile ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 25 | Replies: 0
  • CVE-2021-43413
    An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 15 | Replies: 0
  • CVE-2021-43412
    An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for loc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 22 | Replies: 0
  • CVE-2021-43411
    An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 25 | Replies: 0
  • CVE-2021-25978
    Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once view ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 17 | Replies: 0
  • CVE-2021-37471
    Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 16 | Replies: 0
  • CVE-2020-23130
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 18 | Replies: 0
  • CVE-2020-23129
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-41251
    @sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform tha ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 17 | Replies: 0
  • CVE-2021-41250
    Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 24 | Replies: 0
  • CVE-2021-41230
    Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_cla ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 29 | Replies: 0
  • CVE-2021-41228
    TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 11 | Replies: 0
  • CVE-2021-41227
    TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 8 | Replies: 0
  • CVE-2021-41225
    TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of uninitialized variable. If the `train_nodes` vector (obtained from the s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 15 | Replies: 0
  • CVE-2021-41222
    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault if an attacker supplies negative arguments. This occurs whenever ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 18 | Replies: 0
  • CVE-2021-41221
    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
  • CVE-2021-41220
    TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 22 | Replies: 0
  • CVE-2021-41216
    TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` conta ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 34 | Replies: 0
  • CVE-2021-41213
    TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutuall ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 12 | Replies: 0
  • CVE-2020-22226
    Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 6 | Replies: 0
  • CVE-2020-22225
    Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 29 | Replies: 0
