
Vulnerabilities

Subcategories:

  • CVE-2021-3515
    A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 23 | Replies: 0
  • CVE-2021-3495
    An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kial ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 26 | Replies: 0
  • CVE-2021-3412
    It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 12 | Replies: 0
  • CVE-2021-33184
    Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2021-33183
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in container volume management component in Synology Docker before 18.09.0-0515 allows local users to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2021-33182
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote auth ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 18 | Replies: 0
  • CVE-2021-33181
    Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 16 | Replies: 0
  • CVE-2021-33180
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execut ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 13 | Replies: 0
  • CVE-2021-32647
    Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The (https://github.com/NationalSecurityAgency/emi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 13 | Replies: 0
  • CVE-2021-32027
    A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated dat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-30181
    Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in orde ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2021-30180
    Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 14 | Replies: 0
  • CVE-2021-30179
    Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the serv ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 15 | Replies: 0
  • CVE-2021-29740
    IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 21 | Replies: 0
  • CVE-2021-29665
    IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elev ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 23 | Replies: 0
  • CVE-2021-29092
    Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 21 | Replies: 0
  • CVE-2021-29088
    Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 12 | Replies: 0
  • CVE-2021-25641
    Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which seria ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 17 | Replies: 0
  • CVE-2021-25640
    In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 10 | Replies: 0
  • CVE-2021-24335
    The Car Repair Services Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross- ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 13 | Replies: 0
  • CVE-2021-24334
    The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 18 | Replies: 0
  • CVE-2021-24333
    The Content Copy Protection Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 9 | Replies: 0
  • CVE-2021-24331
    The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client sid ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 9 | Replies: 0
  • CVE-2021-24330
    The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high pr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 16 | Replies: 0
  • CVE-2021-24329
    The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 38 | Replies: 0
  • CVE-2021-24328
    The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 14 | Replies: 0
  • CVE-2021-24322
    The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scriptin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 11 | Replies: 0
  • CVE-2021-24321
    The Bello - Directory Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 8 | Replies: 0
  • CVE-2021-24320
    The Bello - Directory Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_dist ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 7 | Replies: 0
  • CVE-2021-24319
    The Bello - Directory Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 4 | Replies: 0
  • CVE-2021-24318
    The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 7 | Replies: 0
  • CVE-2021-24317
    The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 7 | Replies: 0
  • CVE-2021-24316
    The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before output it back the page, leading to the Cross-Site Scripting iss ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 14 | Replies: 0
  • CVE-2021-24313
    The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by usi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 16 | Replies: 0
  • CVE-2021-24312
    The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 11 | Replies: 0
  • CVE-2021-24311
    The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 11 | Replies: 0
  • CVE-2021-24310
    The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 18 | Replies: 0
  • CVE-2021-24309
    The Schedule Name input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the script HTML tags and c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 11 | Replies: 0
  • CVE-2021-23388
    The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 10 | Replies: 0
  • CVE-2021-20585
    IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 7 | Replies: 0
