漏洞 - 第728页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-23079

SSRF vulnerability in Halo =1.3.2 exists in the SMTP configuration, which can detect the server intranet.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-19038

File Deletion vulnerability in Halo 0.4.3 via delBackup.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-19037

Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-18982

Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-36381

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-32703

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-29822

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-29805

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-29804

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-29803

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-29794

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-29792

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-23390

The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-23389

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21591

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-21590

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-21589

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21588

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-20414

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-4938

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-19204

An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the routing.cgi Routing Table Entries via the Remark text box ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-19203

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-19201

A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-33807

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-30640

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-30639

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the er ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-18980

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-18979

Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-36383

Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts clearte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：4 | 回复：0
CVE漏洞

CVE-2021-32688

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-32680

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-26088

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending spe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-24015

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-24013

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：5 | 回复：0
CVE漏洞

CVE-2020-7872

DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-36377

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. Wh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：7 | 回复：0