漏洞 - 第813页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-30174

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-32563

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) witho ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-23575

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-23376

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name paramet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-23374

Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-23373

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-23371

Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-23370

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-23369

In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-32489

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message receive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-32399

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-32053

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-28600

An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-27232

An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-18102

Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component /controller/publishHotel.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-29022

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-28588

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-27231

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-27230

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-27229

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-27226

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-29502

WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-19199

A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=adminf=save, which could let a remote malicious user execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29501

Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-20559

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-20538

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IB ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-31877

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-21822

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifros ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-23016

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrict ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-23015

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator&#39 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-23014

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the RES ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally qu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0