漏洞 - 第934页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-36192

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private P ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-7343

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-28476

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 ins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-25178

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-25177

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-25176

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-25175

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, pot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-25174

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potenti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-25173

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-25295

OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-25294

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:Activi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-3166

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-29446

Affected versions of Atlassian Fisheye Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-15864

An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-3113

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-3162

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-25533

An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly va ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21251

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical zip slip vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-21250

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-21249

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-21248

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build sp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-21247

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21246

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-21245

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.get ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21242

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrus ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-21244

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full detai ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-21243

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not en ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-24641

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-24640

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-24638

Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-21237

Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-0223

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. teln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-0222

A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-0221

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-0220

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-0219

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-0218

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-0217

A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：41 | 回复：0