漏洞 - 第784页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-1254

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the inter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?toke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-33513

Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-33512

Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-33511

Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-33510

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-33508

Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-33507

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-33500

PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-21552

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-21549

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：29 | 回复：0
CVE漏洞

CVE-2008-3280

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-32634

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the (https://github.com/NationalSecuri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-29681

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-27811

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-23768

An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-23766

An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-23765

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-36332

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-36331

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the serv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-36330

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-36329

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：9 | 回复：0
CVE漏洞

CVE-2018-25014

A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as wel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：10 | 回复：0
CVE漏洞

CVE-2018-25013

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：12 | 回复：0
CVE漏洞

CVE-2018-25012

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：8 | 回复：0
CVE漏洞

CVE-2018-25011

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：7 | 回复：0
CVE漏洞

CVE-2018-25010

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：22 | 回复：0
CVE漏洞

CVE-2018-25009

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-31475

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-31474

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulner ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-31473

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the targ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-31440

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the targ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-31439

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-32633

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-27211

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-29415

The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-29414

STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-27212

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (li ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:45 | 阅读：21 | 回复：0