漏洞 - 第711页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-38137

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-38136

Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-26999

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-26998

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while cus ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-26606

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-37554

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-37553

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-37552

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-37551

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-37550

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-37547

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-37545

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-37543

In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-37542

In JetBrains TeamCity before 2020.2.3, XSS was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-37541

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-37540

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-36708

In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-36707

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-36706

In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the comm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-36705

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-36351

SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-stat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-36209

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-22330

Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-37381

Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accesse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-22295

A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-38152

index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-38151

index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-38149

index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-37388

A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-32597

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-32587

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-22392

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-3591

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0