
Vulnerabilities


Subcategories:

  • CVE-2021-29469
    Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 20 | Replies: 0
  • CVE-2021-22682
    Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 20 | Replies: 0
  • CVE-2021-22678
    Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2021-22207
    Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-22205
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote comm ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-22204
    Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 13 | Replies: 0
  • CVE-2021-20088
    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 19 | Replies: 0
  • CVE-2021-20087
    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 21 | Replies: 0
  • CVE-2021-20084
    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2021-31540
    Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 12 | Replies: 0
  • CVE-2021-31539
    Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 21 | Replies: 0
  • CVE-2021-31410
    Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-31408
    Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combina ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 18 | Replies: 0
  • CVE-2021-22893
    Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect S ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 18 | Replies: 0
  • CVE-2021-31407
    Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-31406
    Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2021-31405
    Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 13 | Replies: 0
  • CVE-2021-31404
    Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 7 | Replies: 0
  • CVE-2021-31403
    Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 thro ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 4 | Replies: 0
  • CVE-2021-26909
    Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2021-26908
    Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 10 | Replies: 0
  • CVE-2020-7385
    By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance o ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2020-36321
    Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 8 | Replies: 0
  • CVE-2020-36320
    Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by s ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 39 | Replies: 0
  • CVE-2020-36319
    Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestCo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 24 | Replies: 0
  • CVE-2019-25028
    Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows att ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 13 | Replies: 0
  • CVE-2019-25027
    Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 1 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 9 | Replies: 0
  • CVE-2018-25007
    Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 5 | Replies: 0
  • CVE-2017-20003
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 8 | Replies: 0
  • CVE-2021-26291
    Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 12 | Replies: 0
  • CVE-2021-25382
    An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-31607
    In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is creat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 12 | Replies: 0
  • CVE-2021-31597
    The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 11 | Replies: 0
  • CVE-2021-2320
    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily explo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2021-2319
    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily explo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2021-2318
    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily explo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2021-2317
    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily explo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 7 | Replies: 0
  • CVE-2021-2316
    Vulnerability in the Oracle HRMS (France) product of Oracle E-Business Suite (component: French HR). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 4 | Replies: 0
  • CVE-2021-2315
    Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitabl ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 4 | Replies: 0
  • CVE-2021-2314
    Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
