漏洞 - 第824页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-36327

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chose ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-31875

In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of cont ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-31776

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to wri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-25216

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-25215

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-25214

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21414

Prisma is an open source ORM for Node.js TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-21391

CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-2321

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-29483

ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-7038

A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-7037

An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-22790

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-22789

Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is exec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-22785

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-22784

In Etherpad UeberDB 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing ac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-22783

Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-22782

Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-22781

In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-25165

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-25164

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-25152

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that addres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-25154

A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-25153

A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this secu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-25151

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that addres ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-23364

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-18022

Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-17999

Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component /mc-admin/post-edit.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-25147

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-7123

A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-21996

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-21994

AVE DOMINAplus =1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-3508

A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-29388

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budge ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-29387

Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any Add sections, such as Add Item ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-29159

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-21991

AVE DOMINAplus =1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autolo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the user_phone parameter of a crafted HTTP request to the admin.php component.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:39 | 阅读：29 | 回复：0