漏洞 - 第886页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-23355

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-23352

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_inpu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-16115

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-16114

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-16113

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-16112

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-16111

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-16110

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-16109

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-16108

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-16107

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-16106

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-16105

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-4967

IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-4820

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-4816

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could expl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-4815

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-4628

IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-36012

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-3272

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-3317

KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-3165

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2013-2512

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-1071

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-1070

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：62 | 回复：0
CVE漏洞

CVE-2020-23776

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-23774

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-3309

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-21283

Flarum is an open source discussion platform for websites. The Flarum Sticky extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-21278

RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-21271

Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting it ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-27295

The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-23272

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoreticall ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-27299

The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (version ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-27297

The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：26 | 回复：0