• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2021-39905
    CVE漏洞
    CVE-2021-39905
    An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:133 | 回复:0
  • CVE-2021-39904
    CVE漏洞
    CVE-2021-39904
    An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has loc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:116 | 回复:0
  • CVE-2021-39901
    CVE漏洞
    CVE-2021-39901
    In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:114 | 回复:0
  • CVE-2021-39898
    CVE漏洞
    CVE-2021-39898
    In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:117 | 回复:0
  • CVE-2021-39897
    CVE漏洞
    CVE-2021-39897
    Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:133 | 回复:0
  • CVE-2021-39895
    CVE漏洞
    CVE-2021-39895
    In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:124 | 回复:0
  • CVE-2021-22260
    CVE漏洞
    CVE-2021-22260
    A stored Cross-Site Scripting vulnerability in the DataDog integration in GitLab CE/EE version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:124 | 回复:0
  • CVE-2021-43400
    CVE漏洞
    CVE-2021-43400
    An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:136 | 回复:0
  • CVE-2021-39914
    CVE漏洞
    CVE-2021-39914
    A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when pro ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:122 | 回复:0
  • CVE-2021-39903
    CVE漏洞
    CVE-2021-39903
    In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance admin ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:94 | 回复:0
  • CVE-2021-39902
    CVE漏洞
    CVE-2021-39902
    Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:101 | 回复:0
  • CVE-2021-43398
    CVE漏洞
    CVE-2021-43398
    ** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause discl ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:134 | 回复:0
  • CVE-2021-42057
    CVE漏洞
    CVE-2021-42057
    Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrar ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:114 | 回复:0
  • CVE-2021-41248
    CVE漏洞
    CVE-2021-41248
    GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromis ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:96 | 回复:0
  • CVE-2021-3896
    CVE漏洞
    CVE-2021-3896
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 ins ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:94 | 回复:0
  • CVE-2021-43396
    CVE漏洞
    CVE-2021-43396
    ** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:114 | 回复:0
  • CVE-2021-41249
    CVE漏洞
    CVE-2021-41249
    GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised H ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:132 | 回复:0
  • CVE-2020-21139
    CVE漏洞
    CVE-2020-21139
    EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=useract=add.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:111 | 回复:0
  • CVE-2021-43389
    CVE漏洞
    CVE-2021-43389
    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:81 | 回复:0
  • CVE-2021-43293
    CVE漏洞
    CVE-2021-43293
    Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:85 | 回复:0
  • CVE-2021-43281
    CVE漏洞
    CVE-2021-43281
    MyBB before 1.8.29 allows Remote Code Injection by an admin with the Can manage settings? permission. The Admin CP's Settings management module does not validate setting types correctly on inserti ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:65 | 回复:0
  • CVE-2021-41247
    CVE漏洞
    CVE-2021-41247
    JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:68 | 回复:0
  • CVE-2021-21698
    CVE漏洞
    CVE-2021-21698
    Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:66 | 回复:0
  • CVE-2021-21697
    CVE漏洞
    CVE-2021-21697
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:68 | 回复:0
  • CVE-2021-21696
    CVE漏洞
    CVE-2021-21696
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:76 | 回复:0
  • CVE-2021-21695
    CVE漏洞
    CVE-2021-21695
    FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:71 | 回复:0
  • CVE-2021-21694
    CVE漏洞
    CVE-2021-21694
    FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:69 | 回复:0
  • CVE-2021-21693
    CVE漏洞
    CVE-2021-21693
    When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:72 | 回复:0
  • CVE-2021-21692
    CVE漏洞
    CVE-2021-21692
    FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of &# ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:61 | 回复:0
  • CVE-2021-21691
    CVE漏洞
    CVE-2021-21691
    Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:63 | 回复:0
  • CVE-2021-21690
    CVE漏洞
    CVE-2021-21690
    Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:74 | 回复:0
  • CVE-2021-21689
    CVE漏洞
    CVE-2021-21689
    FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:52 | 回复:0
  • CVE-2021-21688
    CVE漏洞
    CVE-2021-21688
    The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read acce ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:64 | 回复:0
  • CVE-2021-21687
    CVE漏洞
    CVE-2021-21687
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:63 | 回复:0
  • CVE-2021-21686
    CVE漏洞
    CVE-2021-21686
    File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:57 | 回复:0
  • CVE-2021-21685
    CVE漏洞
    CVE-2021-21685
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:59 | 回复:0
  • CVE-2021-40128
    CVE漏洞
    CVE-2021-40128
    A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:60 | 回复:0
  • CVE-2021-40127
    CVE漏洞
    CVE-2021-40127
    A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:52 | 回复:0
  • CVE-2021-40126
    CVE漏洞
    CVE-2021-40126
    A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerabilit ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:60 | 回复:0
  • CVE-2021-40124
    CVE漏洞
    CVE-2021-40124
    A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected dev ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:30 | 阅读:54 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap