漏洞 - 第742页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-29480

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-22439

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-22340

There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-20079

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gainin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-28830

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-23275

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Serve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-18066

Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Autho ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-21394

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-21871

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malici ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-20580

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-20490

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-20477

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-20105

Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-20104

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-20103

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-32992

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-32990

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-32988

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-31516

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-31515

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-31514

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-31513

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-31512

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-31511

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-31510

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-31509

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-31508

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-31507

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-31506

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-29479

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-34824

Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from diff ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-31531

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-31530

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-31160

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0