漏洞 - 第940页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-23835

An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-35582

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_tit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-35581

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the me ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-27220

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command control messages when it has subscribed only to commands for a s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-6572

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-29495

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-29494

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-29493

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-16046

Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-16045

Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-22132

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-21261

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-21722

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-6777

A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-6776

A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-29019

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-29018

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-29017

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-29016

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-29015

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sendi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-27368

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-26733

Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-26732

Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its tran ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to J ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-23926

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-28470

This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-20618

Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege whi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-20617

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-16119

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-27267

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-27265

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-27263

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-21013

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-21012

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-21011

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-21010

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-21009

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side req ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：45 | 回复：0