漏洞 - 第737页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-24384

The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-24375

Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-32233

SmarterTools SmarterMail before Build 7776 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-36158

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-35331

** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-26763

The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-23401

This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slash ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-36148

An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-36147

An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq-used.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-36146

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-36145

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-36144

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-36143

ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-34527

Windows Print Spooler Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-35209

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-35208

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-35207

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-33889

OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-30557

Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-30556

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-30555

Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30554

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-32737

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-sit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-31874

Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-36416

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Create a new Desig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-36415

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Create a new Style ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-36414

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the URL (slug) or Extr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-36413

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Exclude these IP a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-36412

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Search Text field ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-36411

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Path for the {page ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-36410

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Email address to r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-36409

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Add Category param ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-36408

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Add Shortcut param ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-36399

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rule1 parameter under the Bounce Rul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-36398

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Campaign field under the Send a camp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-36397

A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payloa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：9 | 回复：0