
Vulnerabilities

Subcategories:

  • CVE-2021-24336
    The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and admini ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 15 | Replies: 0
  • CVE-2020-36384
    PageLayer before 1.3.5 allows reflected XSS via color settings.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 19 | Replies: 0
  • CVE-2020-36383
    PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 14 | Replies: 0
  • CVE-2021-28382
    Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 7 | Replies: 0
  • CVE-2020-26885
    An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 4 | Replies: 0
  • CVE-2021-33898
    In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain cont ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 8 | Replies: 0
  • CVE-2017-20005
    NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date fa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 11 | Replies: 0
  • CVE-2021-33879
    Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 20 | Replies: 0
  • CVE-2021-33881
    On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a tear off attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 10 | Replies: 0
  • CVE-2021-33880
    The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 21 | Replies: 0
  • CVE-2021-32198
    EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 12 | Replies: 0
  • CVE-2021-31701
    Mintty before 3.4.7 mishandles Bracketed Paste Mode.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 20 | Replies: 0
  • CVE-2021-32641
    auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashM ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 6 | Replies: 0
  • CVE-2021-31252
    An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a speciall ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 12 | Replies: 0
  • CVE-2021-31251
    An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by s ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 15 | Replies: 0
  • CVE-2021-31250
    Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 14 | Replies: 0
  • CVE-2021-31249
    A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 12 | Replies: 0
  • CVE-2021-26928
    ** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in s ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 32 | Replies: 0
  • CVE-2021-29500
    bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly veri ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 12 | Replies: 0
  • CVE-2020-29324
    The D-Link Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmwa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 7 | Replies: 0
  • CVE-2020-29323
    The D-Link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 15 | Replies: 0
  • CVE-2020-29322
    The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 14 | Replies: 0
  • CVE-2020-29321
    The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:43 | Views: 11 | Replies: 0
  • CVE-2021-32615
    Piwigo 11.4.0 allows admin/user_list_backend.php order SQL Injection.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 8 | Replies: 0
  • CVE-2021-31876
    Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 9 | Replies: 0
  • CVE-2019-10062
    The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 11 | Replies: 0
  • CVE-2020-23996
    A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 28 | Replies: 0
  • CVE-2020-23995
    An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 21 | Replies: 0
  • CVE-2021-29510
    Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 13 | Replies: 0
  • CVE-2021-29506
    GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. Thi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 14 | Replies: 0
  • CVE-2021-27413
    Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 23 | Replies: 0
  • CVE-2021-23910
    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 29 | Replies: 0
  • CVE-2021-23909
    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 15 | Replies: 0
  • CVE-2021-23908
    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 12 | Replies: 0
  • CVE-2021-23907
    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 25 | Replies: 0
  • CVE-2021-23906
    An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code exec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 17 | Replies: 0
  • CVE-2021-32925
    admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 23 | Replies: 0
  • CVE-2021-22140
    Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 20 | Replies: 0
  • CVE-2021-22139
    Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 14 | Replies: 0
  • CVE-2021-22138
    In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:42 | Views: 17 | Replies: 0
