漏洞 - 第918页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3127

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-28381

The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-28380

The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-28295

Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-28294

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-28899

The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-27938

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-25916

Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-22887

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-28543

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-21193

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-21192

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-21191

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-4891

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-4890

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-4851

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE漏洞

CVE-2020-1926

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-27230

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/langu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-3418

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-24029

A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message shou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-20283

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-20282

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-20281

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-20280

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-20279

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-27290

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's log ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-27282

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-27278

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-3150

A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-23879

Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：57 | 回复：0
CVE漏洞

CVE-2020-29553

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-28363

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn&#39 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-27949

Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-27947

SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-27890

SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0