• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2021-21347
    CVE漏洞
    CVE-2021-21347
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code fr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:27 | 回复:0
  • CVE-2021-21346
    CVE漏洞
    CVE-2021-21346
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code fr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:23 | 回复:0
  • CVE-2021-21345
    CVE漏洞
    CVE-2021-21345
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:14 | 回复:0
  • CVE-2021-21344
    CVE漏洞
    CVE-2021-21344
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code fr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:31 | 回复:0
  • CVE-2021-21343
    CVE漏洞
    CVE-2021-21343
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:26 | 回复:0
  • CVE-2021-21342
    CVE漏洞
    CVE-2021-21342
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:28 | 回复:0
  • CVE-2021-21341
    CVE漏洞
    CVE-2021-21341
    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:40 | 回复:0
  • CVE-2021-25922
    CVE漏洞
    CVE-2021-25922
    In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:31 | 回复:0
  • CVE-2021-25921
    CVE漏洞
    CVE-2021-25921
    In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:41 | 回复:0
  • CVE-2021-25920
    CVE漏洞
    CVE-2021-25920
    In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the v ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:23 | 回复:0
  • CVE-2021-25919
    CVE漏洞
    CVE-2021-25919
    In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into in ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:39 | 回复:0
  • CVE-2021-25918
    CVE漏洞
    CVE-2021-25918
    In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly pri ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:29 | 回复:0
  • CVE-2021-25917
    CVE漏洞
    CVE-2021-25917
    In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:40 | 回复:0
  • CVE-2021-22321
    CVE漏洞
    CVE-2021-22321
    There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operat ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:38 | 回复:0
  • CVE-2021-22314
    CVE漏洞
    CVE-2021-22314
    There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitati ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:21 | 回复:0
  • CVE-2021-22320
    CVE漏洞
    CVE-2021-22320
    There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affec ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:24 | 回复:0
  • CVE-2021-22311
    CVE漏洞
    CVE-2021-22311
    There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow ce ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:22 | 回复:0
  • CVE-2021-22310
    CVE漏洞
    CVE-2021-22310
    There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:27 | 回复:0
  • CVE-2021-26578
    CVE漏洞
    CVE-2021-26578
    A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:38 | 回复:0
  • CVE-2021-25265
    CVE漏洞
    CVE-2021-25265
    A malicious website could execute code remotely in Sophos Connect Client before version 2.1.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:43 | 回复:0
  • CVE-2021-22309
    CVE漏洞
    CVE-2021-22309
    There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive messa ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:31 | 回复:0
  • CVE-2020-9213
    CVE漏洞
    CVE-2020-9213
    There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:27 | 回复:0
  • CVE-2020-9212
    CVE漏洞
    CVE-2020-9212
    There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operati ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:52 | 阅读:37 | 回复:0
  • CVE-2021-27225
    CVE漏洞
    CVE-2021-27225
    In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:102 | 回复:0
  • CVE-2021-27132
    CVE漏洞
    CVE-2021-27132
    SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:74 | 回复:0
  • CVE-2021-3197
    CVE漏洞
    CVE-2021-3197
    An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an AP ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:47 | 回复:0
  • CVE-2021-3151
    CVE漏洞
    CVE-2021-3151
    i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:44 | 回复:0
  • CVE-2021-3148
    CVE漏洞
    CVE-2021-3148
    An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:39 | 回复:0
  • CVE-2021-3144
    CVE漏洞
    CVE-2021-3144
    In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:40 | 回复:0
  • CVE-2021-25284
    CVE漏洞
    CVE-2021-25284
    An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:38 | 回复:0
  • CVE-2021-25283
    CVE漏洞
    CVE-2021-25283
    An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:40 | 回复:0
  • CVE-2021-25282
    CVE漏洞
    CVE-2021-25282
    An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:48 | 回复:0
  • CVE-2021-25281
    CVE漏洞
    CVE-2021-25281
    An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the maste ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:41 | 回复:0
  • CVE-2020-35662
    CVE漏洞
    CVE-2020-35662
    In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:31 | 回复:0
  • CVE-2020-28972
    CVE漏洞
    CVE-2020-28972
    In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:27 | 回复:0
  • CVE-2020-28243
    CVE漏洞
    CVE-2020-28243
    An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:29 | 回复:0
  • CVE-2019-25023
    CVE漏洞
    CVE-2019-25023
    An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inje ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:38 | 回复:0
  • CVE-2019-25022
    CVE漏洞
    CVE-2019-25022
    An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runt ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:29 | 回复:0
  • CVE-2019-25021
    CVE漏洞
    CVE-2019-25021
    An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:29 | 回复:0
  • CVE-2019-25020
    CVE漏洞
    CVE-2019-25020
    An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:51 | 阅读:20 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap