
Vulnerabilities

Subcategories:

  • CVE-2021-22264
    An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under spec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 31 | Replies: 0
  • CVE-2021-22262
    Missing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 36 | Replies: 0
  • CVE-2021-22261
    A stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Ji ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 37 | Replies: 0
  • CVE-2021-22258
    The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 47 | Replies: 0
  • CVE-2021-22257
    An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 35 | Replies: 0
  • CVE-2021-39894
    In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 28 | Replies: 0
  • CVE-2021-39893
    A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 21 | Replies: 0
  • CVE-2021-39888
    In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 21 | Replies: 0
  • CVE-2021-39884
    In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 26 | Replies: 0
  • CVE-2021-39882
    In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 18 | Replies: 0
  • CVE-2021-39878
    A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 18 | Replies: 0
  • CVE-2021-39875
    In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 29 | Replies: 0
  • CVE-2021-39872
    In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquire ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 24 | Replies: 0
  • CVE-2021-39869
    In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 26 | Replies: 0
  • CVE-2021-39867
    In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 33 | Replies: 0
  • CVE-2021-39866
    A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 33 | Replies: 0
  • CVE-2021-35506
    Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 23 | Replies: 0
  • CVE-2021-39887
    A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 24 | Replies: 0
  • CVE-2021-37223
    Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 20 | Replies: 0
  • CVE-2021-35505
    Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 16 | Replies: 0
  • CVE-2021-35504
    Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 68 | Replies: 0
  • CVE-2021-35503
    Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 33 | Replies: 0
  • CVE-2021-41773
    A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-lik ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-41524
    While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 27 | Replies: 0
  • CVE-2021-42008
    The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 44 | Replies: 0
  • CVE-2021-42006
    An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 33 | Replies: 0
  • CVE-2021-41123
    Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 32 | Replies: 0
  • CVE-2021-41091
    Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirect ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 34 | Replies: 0
  • CVE-2021-41089
    Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 42 | Replies: 0
  • CVE-2021-32765
    Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protoc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2020-21496
    A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 21 | Replies: 0
  • CVE-2020-21495
    A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 25 | Replies: 0
  • CVE-2020-21494
    A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 11 | Replies: 0
  • CVE-2020-21493
    An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 19 | Replies: 0
  • CVE-2020-21434
    Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 51 | Replies: 0
  • CVE-2020-21431
    HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 49 | Replies: 0
  • CVE-2021-41092
    Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configura ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 55 | Replies: 0
  • CVE-2021-39433
    A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 25 | Replies: 0
  • CVE-2020-21387
    A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 25 | Replies: 0
  • CVE-2020-21386
    A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 29 | Replies: 0
