漏洞 - 第889页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2019-19350

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：18 | 回复：0
CVE漏洞

CVE-2019-19349

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the contain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-29002

A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the form.widgets.site_title parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-5015

IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-28362

An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL exten ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-27320

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-27319

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-27316

Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-27315

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-29033

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-29032

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-29031

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-29030

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-29029

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-29028

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-29027

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-29026

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-29025

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-28967

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-21380

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-13612

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-13611

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-13610

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-13609

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-13608

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-13607

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-13606

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:53 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-3291

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-3286

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-3285

jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-3278

Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-3223

Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-3199

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-3195

** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-3193

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-3190

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-3188

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-3186

A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-3185

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0