漏洞 - 第808页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-36005

AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-36004

AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-32666

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-32662

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-32665

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to unverified. This occurs whe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-35973

An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-35972

An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-35971

A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-35970

An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-3469

Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certific ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-25947

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-22337

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause leaking of user click data.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-22335

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-22334

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-22333

There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE漏洞

CVE-2019-14584

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-33815

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` prior to 0.6. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-22336

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-22325

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-22324

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-22317

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-22313

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-22308

There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-32460

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-24023

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the diagnose command.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-20380

IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-21003

Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-32926

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-33806

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-28848

Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowText ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScrip ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-28847

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：26 | 回复：0