
Vulnerabilities

Subcategories:

  • CVE-2021-27347
    Use after free in lzma_decompress_buf function in stream.c in lrzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 32 | Replies: 0
  • CVE-2021-27345
    A null pointer dereference was discovered in ucompthread in stream.c in lrzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 8 | Replies: 0
  • CVE-2021-23022
    On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 11 | Replies: 0
  • CVE-2020-25467
    A null pointer dereference was discovered in lzo_decompress_buf in stream.c in lrzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 13 | Replies: 0
  • CVE-2020-24671
    Trace Financial CRESTBridge 6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 19 | Replies: 0
  • CVE-2020-24668
    Trace Financial Crest Bridge 6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 9 | Replies: 0
  • CVE-2020-24667
    Trace Financial CRESTBridge 6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 11 | Replies: 0
  • CVE-2020-24663
    Trace Financial CRESTBridge 6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 10 | Replies: 0
  • CVE-2021-34555
    OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 15 | Replies: 0
  • CVE-2021-34547
    PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 45 | Replies: 0
  • CVE-2021-31928
    Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 11 | Replies: 0
  • CVE-2021-31927
    An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 16 | Replies: 0
  • CVE-2021-31659
    TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 31 | Replies: 0
  • CVE-2021-31658
    TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the device description function only judges the length of the receive ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 17 | Replies: 0
  • CVE-2021-31538
    LANCOM RS Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 27 | Replies: 0
  • CVE-2021-23024
    On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software version ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 20 | Replies: 0
  • CVE-2021-23023
    On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions whic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 18 | Replies: 0
  • CVE-2021-21666
    Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 16 | Replies: 0
  • CVE-2021-21665
    A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 13 | Replies: 0
  • CVE-2021-21664
    An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 25 | Replies: 0
  • CVE-2021-21663
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified creden ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 10 | Replies: 0
  • CVE-2021-21662
    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 11 | Replies: 0
  • CVE-2021-21661
    Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentia ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 11 | Replies: 0
  • CVE-2020-24662
    SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) 3.1.0 allows XSS. This was fixed in TLM RP 3.1.0.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 9 | Replies: 0
  • CVE-2021-31929
    Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 17 | Replies: 0
  • CVE-2021-3041
    A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 28 | Replies: 0
  • CVE-2021-3040
    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 16 | Replies: 0
  • CVE-2021-3039
    An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 6 | Replies: 0
  • CVE-2021-31998
    An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 30 | Replies: 0
  • CVE-2021-31997
    A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 12 | Replies: 0
  • CVE-2021-25949
    Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 17 | Replies: 0
  • CVE-2021-25948
    Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 20 | Replies: 0
  • CVE-2021-25322
    A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 26 | Replies: 0
  • CVE-2021-21736
    A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have b ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 25 | Replies: 0
  • CVE-2021-21735
    A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user info ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 20 | Replies: 0
  • CVE-2021-20293
    A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam witho ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 18 | Replies: 0
  • CVE-2021-20081
    Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 11 | Replies: 0
  • CVE-2019-25046
    The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 18 | Replies: 0
  • CVE-2021-34539
    An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 21 | Replies: 0
  • CVE-2021-34363
    The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the undo archive operation feature.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:46 | Views: 42 | Replies: 0
