漏洞 - 第553页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-26705

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-33259

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-25912

A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-25911

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-36808

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-1123

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-1122

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-1121

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-1120

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no abi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-1119

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-wh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-1118

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information dis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：50 | 回复：0
CVE漏洞

CVE-2020-25881

A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/deletesub=filename=../../../../111.txtfiletype=image/jpeg of the master version of RKCMS. This vulner ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：57 | 回复：0
CVE漏洞

CVE-2020-25873

A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the id ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-25872

A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-41874

An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-41748

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-41874. Reason: This candidate is a duplicate of CVE-2021-41874. Notes: All CVE users should reference CVE-2021-41874 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-41746

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-41646

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-41189

DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-41645

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-41644

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-41643

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-41676

An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-41675

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-41674

An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-3756

libmysofa is vulnerable to Heap-based Buffer Overflow……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-41186

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular express ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-39179

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-35237

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a wind ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-3662

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-3441

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-22038

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-22037

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the sear ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-31862

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-31627

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-31624

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-22079

Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-25742

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：68 | 回复：0
CVE漏洞

CVE-2020-23549

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a Data from Faulting Address controls Branch Selection starting a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-23546

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a Data from Faulting Address is used as one or more arguments in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：50 | 回复：0