Vulnerabilities

Subcategories:

  • CVE-2021-31834
    Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 10 | Replies: 0
  • CVE-2021-34362
    A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have alr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 15 | Replies: 0
  • CVE-2021-41169
    Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not prop ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 25 | Replies: 0
  • CVE-2021-41127
    Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 7 | Replies: 0
  • CVE-2021-36869
    Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions = 4.6.6). Vulnerable parameter: post.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 20 | Replies: 0
  • CVE-2021-27746
    HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 16 | Replies: 0
  • CVE-2021-41168
    Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 19 | Replies: 0
  • CVE-2021-40719
    Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 24 | Replies: 0
  • CVE-2021-39357
    The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrati ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 22 | Replies: 0
  • CVE-2021-39356
    The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the ~/templates/s ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 19 | Replies: 0
  • CVE-2021-39354
    The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 23 | Replies: 0
  • CVE-2021-39352
    The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 14 | Replies: 0
  • CVE-2021-39348
    The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 10 | Replies: 0
  • CVE-2021-39328
    The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/ ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 11 | Replies: 0
  • CVE-2021-39321
    Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplie ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 9 | Replies: 0
  • CVE-2021-22034
    Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 12 | Replies: 0
  • CVE-2021-42716
    An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the re ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 5 | Replies: 0
  • CVE-2021-42715
    An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 14 | Replies: 0
  • CVE-2021-41160
    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected clien ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 12 | Replies: 0
  • CVE-2021-41159
    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to valid ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 12 | Replies: 0
  • CVE-2021-41146
    qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 19 | Replies: 0
  • CVE-2021-35228
    This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:15 | Views: 10 | Replies: 0
  • CVE-2021-35227
    The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 14 | Replies: 0
  • CVE-2021-35225
    Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a li ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 35 | Replies: 0
  • CVE-2021-42327
    dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 10 | Replies: 0
  • CVE-2021-29883
    IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cooki ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 21 | Replies: 0
  • CVE-2021-29873
    IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 6 | Replies: 0
  • CVE-2021-28496
    On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leak ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 14 | Replies: 0
  • CVE-2021-20120
    The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 6 | Replies: 0
  • CVE-2020-14263
    HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 16 | Replies: 0
  • CVE-2021-28975
    WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 9 | Replies: 0
  • CVE-2020-27304
    The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request AP ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 21 | Replies: 0
  • CVE-2021-42740
    The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the outpu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 15 | Replies: 0
  • CVE-2021-35512
    An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 21 | Replies: 0
  • CVE-2021-41792
    An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 14 | Replies: 0
  • CVE-2021-41791
    An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Int ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 10 | Replies: 0
  • CVE-2021-41790
    An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 30 | Replies: 0
  • CVE-2021-42108
    Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 21 | Replies: 0
  • CVE-2021-42107
    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to es ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 27 | Replies: 0
  • CVE-2021-42106
    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to es ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:14 | Views: 21 | Replies: 0
