漏洞 - 第547页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-28416

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-43141

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-43140

SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-41134

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-23820

This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-23807

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-23784

This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scrip ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-23624

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-23509

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-23472

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-18263

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-18262

ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-18261

An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：72 | 回复：0
CVE漏洞

CVE-2020-18259

ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-40985

Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-27836

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-26786

An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：92 | 回复：0
CVE漏洞

CVE-2020-24743

An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：106 | 回复：0
CVE漏洞

CVE-2020-24000

SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：121 | 回复：0
CVE漏洞

CVE-2020-23680

An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：111 | 回复：0
CVE漏洞

CVE-2020-23679

Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：103 | 回复：0
CVE漏洞

CVE-2020-23126

Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：120 | 回复：0
CVE漏洞

CVE-2020-23109

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a craft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：109 | 回复：0
CVE漏洞

CVE-2020-20982

Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：115 | 回复：0
CVE漏洞

CVE-2021-43082

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：110 | 回复：0
CVE漏洞

CVE-2021-41585

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：126 | 回复：0
CVE漏洞

CVE-2021-38161

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：106 | 回复：0
CVE漏洞

CVE-2021-37149

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：108 | 回复：0
CVE漏洞

CVE-2021-37148

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：110 | 回复：0
CVE漏洞

CVE-2021-37147

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：89 | 回复：0
CVE漏洞

CVE-2021-43324

LibreNMS through 21.10.2 allows XSS via a widget title.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：90 | 回复：0
CVE漏洞

CVE-2021-43130

An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-36698

Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：108 | 回复：0
CVE漏洞

CVE-2021-36697

With an admin account, the .htaccess file in Artica Pandora FMS =755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：92 | 回复：0
CVE漏洞

CVE-2021-40849

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a mi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-40848

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-36192

An exposure of sensitive information to an unauthorized actor vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-33209

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-33210

An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a pla ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：61 | 回复：0