
Vulnerabilities

Subcategories:

  • CVE-2021-20718
    mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 7 | Replies: 0
  • CVE-2021-29625
    Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases pre ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 10 | Replies: 0
  • CVE-2021-29624
    fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a double submit mechanism using cookies with an a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2021-29622
    Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new red ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 7 | Replies: 0
  • CVE-2021-29503
    HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a n ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 15 | Replies: 0
  • CVE-2021-27924
    An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 19 | Replies: 0
  • CVE-2021-20529
    IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 16 | Replies: 0
  • CVE-2021-20528
    IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 24 | Replies: 0
  • CVE-2021-20374
    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 11 | Replies: 0
  • CVE-2020-4765
    IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2020-4646
    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they should not have access ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 13 | Replies: 0
  • CVE-2021-31158
    In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 11 | Replies: 0
  • CVE-2021-27925
    An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal u ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 14 | Replies: 0
  • CVE-2021-25644
    An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2020-36365
    Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2020-36364
    An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Creat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 9 | Replies: 0
  • CVE-2021-33204
    In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 28 | Replies: 0
  • CVE-2021-31930
    Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the Fi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 13 | Replies: 0
  • CVE-2021-3517
    There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affect ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 12 | Replies: 0
  • CVE-2021-3445
    A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an R ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 13 | Replies: 0
  • CVE-2021-3421
    A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to caus ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 16 | Replies: 0
  • CVE-2017-17678
    BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 30 | Replies: 0
  • CVE-2017-17677
    BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 23 | Replies: 0
  • CVE-2017-17675
    BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 35 | Replies: 0
  • CVE-2017-17674
    BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprintin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 26 | Replies: 0
  • CVE-2021-21733
    The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensiti ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 24 | Replies: 0
  • CVE-2020-20266
    Mikrotik RouterOS before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 26 | Replies: 0
  • CVE-2020-20264
    Mikrotik RouterOS before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 18 | Replies: 0
  • CVE-2021-21732
    A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorizat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 19 | Replies: 0
  • CVE-2021-20589
    Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 throu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 19 | Replies: 0
  • CVE-2021-31324
    The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 6 | Replies: 0
  • CVE-2021-31323
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 15 | Replies: 0
  • CVE-2021-31322
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 12 | Replies: 0
  • CVE-2021-31321
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote at ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 5 | Replies: 0
  • CVE-2021-31320
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rl ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 14 | Replies: 0
  • CVE-2021-31319
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 5 | Replies: 0
  • CVE-2021-31318
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 5 | Replies: 0
  • CVE-2021-31317
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 10 | Replies: 0
  • CVE-2021-31316
    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 17 | Replies: 0
  • CVE-2021-31315
    Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:44 | Views: 22 | Replies: 0
