漏洞 - 第880页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-25124

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL58 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-24666

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-24665

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (D ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-24664

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce14 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-3346

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-23328

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-3345

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-20586

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller CR800-*V*D of RV-*FR***-D-* all versions, controller CR800-*HD of RH-*FRH***-D-* all versions, controller C ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-25910

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an au ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-25909

ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-25123

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL58 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-35652

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-3176

The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, du ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-35547

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-35145

Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-29605

An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-29604

An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：68 | 回复：0
CVE漏洞

CVE-2020-29603

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-29538

Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-29537

Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-29536

Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in furthe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-29535

Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-29005

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-29004

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-28406

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：57 | 回复：0
CVE漏洞

CVE-2020-28405

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：46 | 回复：0
CVE漏洞

CVE-2020-28404

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-28403

A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-28402

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：46 | 回复：0
CVE漏洞

CVE-2019-25014

A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is po ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-3336

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding ce ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-26308

An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-26307

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a determ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-26306

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-26305

An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：54 | 回复：0