漏洞 - 第743页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-7870

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-7869

An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the Tight file CMD function to crea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-7868

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-7871

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-34550

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descripto ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-34549

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-32565

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with qu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-28690

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for detail ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-27577

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-23400

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-22545

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-34548

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-33503

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-31838

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-1134

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitiv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-35303

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-35302

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-35301

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-35300

Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-35299

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-35298

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-32723

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-32722

GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-21142

Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-32720

Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-22609

Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-22607

Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-20640

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-35523

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the Open ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-23715

Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-23711

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-34254

Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-34187

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-32719

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-29775

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Ja ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-29693

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：51 | 回复：0