漏洞 - 第550页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-41019

An improper validation of certificate with host mismatch vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-36181

A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-36172

An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consume ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-32595

Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-26107

An improper access control vulnerability in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs usi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-23754

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：69 | 回复：0
CVE漏洞

CVE-2020-23719

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-23718

Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：62 | 回复：0
CVE漏洞

CVE-2020-23686

Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE漏洞

CVE-2020-23685

SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0
CVE漏洞

CVE-2020-21574

Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-21573

An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-21572

Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-20658

Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-20657

Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-18440

Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-18439

An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-18438

Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-15940

An improper neutralization of input vulnerability in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-12814

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-38948

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-29888

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-29875

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-29771

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-29738

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-29737

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-36794

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-42568

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-36925

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-36924

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Servi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-36923

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-36922

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-27723

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-27722

An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the Key or Name field while registering.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE漏洞

CVE-2020-35249

Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-27406

Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-36560

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-33611

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious J ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0