
Vulnerabilities

Subcategories:

  • CVE-2021-24404
    The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injec ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 17 | Replies: 0
  • CVE-2021-24403
    The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL inj ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 22 | Replies: 0
  • CVE-2021-24402
    The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 25 | Replies: 0
  • CVE-2021-24401
    The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 18 | Replies: 0
  • CVE-2021-24400
    The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 24 | Replies: 0
  • CVE-2021-24399
    The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injecti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 29 | Replies: 0
  • CVE-2021-24398
    The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, lea ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 29 | Replies: 0
  • CVE-2021-24397
    The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 38 | Replies: 0
  • CVE-2021-24396
    A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 24 | Replies: 0
  • CVE-2021-38300
    arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel con ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 40 | Replies: 0
  • CVE-2021-40690
    All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the secureValidation property is not passed correctly when creating a KeyInfo from a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 27 | Replies: 0
  • CVE-2021-41073
    loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 9 | Replies: 0
  • CVE-2021-23441
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 7 | Replies: 0
  • CVE-2021-41395
    Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 6 | Replies: 0
  • CVE-2021-41394
    Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 7 | Replies: 0
  • CVE-2021-41393
    Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 10 | Replies: 0
  • CVE-2021-3806
    A path traversal vulnerability on Pardus Software Center's extractArchive function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 7 | Replies: 0
  • CVE-2021-41392
    static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 10 | Replies: 0
  • CVE-2021-41391
    In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 18 | Replies: 0
  • CVE-2021-41390
    In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 6 | Replies: 0
  • CVE-2021-41387
    seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 10 | Replies: 0
  • CVE-2021-39218
    Wasmtime is an open source runtime for WebAssembly WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 17 | Replies: 0
  • CVE-2020-21548
    Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 11 | Replies: 0
  • CVE-2020-21547
    Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 15 | Replies: 0
  • CVE-2021-41383
    setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 5 | Replies: 0
  • CVE-2021-41380
    ** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. NOTE: It is asserted that this issue requires social en ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 5 | Replies: 0
  • CVE-2021-39219
    Wasmtime is an open source runtime for WebAssembly WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which funct ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 11 | Replies: 0
  • CVE-2021-39216
    Wasmtime is an open source runtime for WebAssembly WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 15 | Replies: 0
  • CVE-2021-38412
    Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerabi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 15 | Replies: 0
  • CVE-2021-38406
    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. A ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 33 | Replies: 0
  • CVE-2021-38404
    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 25 | Replies: 0
  • CVE-2021-38402
    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 22 | Replies: 0
  • CVE-2018-20686
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 8 | Replies: 0
  • CVE-2021-41326
    In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 8 | Replies: 0
  • CVE-2020-12083
    An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 5 | Replies: 0
  • CVE-2020-12082
    A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 17 | Replies: 0
  • CVE-2020-12080
    A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 21 | Replies: 0
  • CVE-2021-40825
    nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 37 | Replies: 0
  • CVE-2021-41317
    XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 19 | Replies: 0
  • CVE-2021-38304
    Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 14 | Replies: 0
