
Vulnerabilities

Subcategories:

  • CVE-2021-21510
    Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ he ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 43 | Replies: 0
  • CVE-2021-21506
    PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potenti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 35 | Replies: 0
  • CVE-2021-21503
    PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges esca ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 51 | Replies: 0
  • CVE-2020-27838
    A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 56 | Replies: 0
  • CVE-2020-27576
    Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cro ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 52 | Replies: 0
  • CVE-2020-27575
    Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form con ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 60 | Replies: 0
  • CVE-2021-22134
    A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 59 | Replies: 0
  • CVE-2021-21337
    Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A malicious ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 61 | Replies: 0
  • CVE-2021-21336
    Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - e ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 50 | Replies: 0
  • CVE-2021-21335
    In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-ht ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 56 | Replies: 0
  • CVE-2020-27574
    Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2021-21362
    MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to by ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 47 | Replies: 0
  • CVE-2021-21354
    Pollbot is open source software which frees its human masters from the toilsome task of polling for the state of things during the Firefox release process. In Pollbot before version 1.4.4 there is an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 30 | Replies: 0
  • CVE-2021-21329
    RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 40 | Replies: 0
  • CVE-2020-5014
    IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID: 1932 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 53 | Replies: 0
  • CVE-2020-4903
    IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 44 | Replies: 0
  • CVE-2020-4695
    IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data lead ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 32 | Replies: 0
  • CVE-2021-21327
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 68 | Replies: 0
  • CVE-2021-21326
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 64 | Replies: 0
  • CVE-2021-21325
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 58 | Replies: 0
  • CVE-2021-21324
    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Dir ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2020-27817
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 51 | Replies: 0
  • CVE-2021-27222
    In the Time in Status app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 32 | Replies: 0
  • CVE-2020-23967
    Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 48 | Replies: 0
  • CVE-2021-26788
    Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have T ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 46 | Replies: 0
  • CVE-2021-23351
    The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 80 | Replies: 0
  • CVE-2009-20001
    An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and activ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 40 | Replies: 0
  • CVE-2020-28466
    This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 41 | Replies: 0
  • CVE-2021-27365
    An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:43 | Views: 45 | Replies: 0
  • CVE-2013-20001
    An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 22 | Replies: 0
  • CVE-2021-22985
    On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perfo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 26 | Replies: 0
  • CVE-2021-22983
    On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 29 | Replies: 0
  • CVE-2021-22982
    On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software ve ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 26 | Replies: 0
  • CVE-2021-22981
    On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in R ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 35 | Replies: 0
  • CVE-2021-22980
    In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 35 | Replies: 0
  • CVE-2021-22979
    On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 32 | Replies: 0
  • CVE-2021-22976
    On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 35 | Replies: 0
  • CVE-2021-22975
    On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while pass ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 16 | Replies: 0
  • CVE-2021-22974
    On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iCon ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 26 | Replies: 0
  • CVE-2021-22973
    On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds mem ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:42 | Views: 27 | Replies: 0
