漏洞 - 第775页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2018-10867

It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user whi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：40 | 回复：0
CVE漏洞

CVE-2018-10866

It has been discovered that redhat-certification does not perform an authorization check and it allows an unauthenticated user to remove a system file, that is an xml file with host related informatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2018-10865

It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a restart RPC method on any host accessible by the system. An attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：24 | 回复：0
CVE漏洞

CVE-2018-10863

It has been discovered that redhat-certification is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory through the /rhcert-transfer URL. An ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-33470

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-33469

COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-20487

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-20486

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-22015

Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：39 | 回复：0
CVE漏洞

CVE-2019-4588

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-33506

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-33194

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-25945

Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-21986

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21985

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-24020

Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-18221

Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-33038

An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the durat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-32457

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to es ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-22160

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to none. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-27815

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-25697

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the serv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-20178

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-26680

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-26679

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user&# ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-26678

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-25669

A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-25668

A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2019-14836

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-27676

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-26034

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-26033

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-26032

An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-22543

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-25671

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-25670

A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-29253

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0