
Vulnerabilities

Subcategories:

  • CVE-2021-31819
    In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 6 | Replies: 0
  • CVE-2021-41382
    Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 17 | Replies: 0
  • CVE-2020-23273
    Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 16 | Replies: 0
  • CVE-2020-23269
    An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 12 | Replies: 0
  • CVE-2020-23267
    An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted me ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 27 | Replies: 0
  • CVE-2020-23266
    An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 33 | Replies: 0
  • CVE-2021-41087
    in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 16 | Replies: 0
  • CVE-2021-41086
    jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulner ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 12 | Replies: 0
  • CVE-2020-35541
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 19 | Replies: 0
  • CVE-2020-35540
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 9 | Replies: 0
  • CVE-2020-19554
    Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 5 | Replies: 0
  • CVE-2020-19553
    Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 12 | Replies: 0
  • CVE-2020-19551
    Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 7 | Replies: 0
  • CVE-2021-41084
    http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 23 | Replies: 0
  • CVE-2021-40847
    The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 30 | Replies: 0
  • CVE-2021-40868
    In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 8 | Replies: 0
  • CVE-2021-39230
    Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommended to update to the Trinity kernel. There are no workarounds.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 5 | Replies: 0
  • CVE-2021-23444
    This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 10 | Replies: 0
  • CVE-2021-23443
    This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 25 | Replies: 0
  • CVE-2021-29831
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit thi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 23 | Replies: 0
  • CVE-2021-29795
    IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 32 | Replies: 0
  • CVE-2021-41525
    An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 9 | Replies: 0
  • CVE-2021-41531
    NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 10 | Replies: 0
  • CVE-2021-37741
    ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 13 | Replies: 0
  • CVE-2021-37424
    ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 27 | Replies: 0
  • CVE-2021-37420
    ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 15 | Replies: 0
  • CVE-2021-37419
    ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 11 | Replies: 0
  • CVE-2021-28960
    Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 18 | Replies: 0
  • CVE-2021-0869
    In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 26 | Replies: 0
  • CVE-2021-31917
    A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 9 | Replies: 0
  • CVE-2021-26333
    An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 11 | Replies: 0
  • CVE-2021-20829
    Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user wh ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 15 | Replies: 0
  • CVE-2021-20037
    SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host op ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 25 | Replies: 0
  • CVE-2021-41083
    Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control o ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 21 | Replies: 0
  • CVE-2021-39229
    Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them ac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 14 | Replies: 0
  • CVE-2021-41082
    Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the pr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 10 | Replies: 0
  • CVE-2021-34650
    The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 11 | Replies: 0
  • CVE-2021-39325
    The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 19 | Replies: 0
  • CVE-2020-26301
    ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 22 | Replies: 0
  • CVE-2020-16630
    TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:46 | Views: 18 | Replies: 0
