漏洞 - 第714页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-22732

CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions Fie Picker..……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-37605

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-37604

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. Wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-38095

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-32603

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and au ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-32598

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-36805

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-36804

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-36803

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-36802

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-36801

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies. This issue was fixed in version 2.1.13 of the product.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-36800

Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items that incl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-31869

Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-31867

Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the applicatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-38115

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-38114

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-24829

An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-33753

Microsoft Bing Search Spoofing Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-33752

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33749, CVE-2021-33750, CVE-2021-33756.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-33751

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-33750

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33749, CVE-2021-33752, CVE-2021-33756.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-33749

Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33750, CVE-2021-33752, CVE-2021-33756.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-33746

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-33745

Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-34442, CVE-2021-34444, CVE-2021-34499.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-33744

Windows Secure Kernel Mode Security Feature Bypass Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-33743

Windows Projected File System Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-33740

Windows Media Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-31984

Power BI Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-31979

Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-31961

Windows InstallService Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-31947

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33775, CVE-2021-33776, CVE-2021-33777, CVE-2021-33778.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-31206

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-34473.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-31196

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31206, CVE-2021-34473.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-31183

Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33772, CVE-2021-34490.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-18145

Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-31859

Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-23407

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0