漏洞 - 第974页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-26916

In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-26915

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-26914

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-26913

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-26912

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-25913

Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-22502

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR serv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-21306

Marked is an open-source markdown parser and compiler (npm package marked). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-8590

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-8587

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-8578

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parame ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-13947

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-26576

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：57 | 回复：0
CVE漏洞

CVE-2020-13116

OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：106 | 回复：0
CVE漏洞

CVE-2020-27148

The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theore ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-3129

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents() ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-21471

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：93 | 回复：0
CVE漏洞

CVE-2021-21470

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database tab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-21467

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：91 | 回复：0
CVE漏洞

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：82 | 回复：0
CVE漏洞

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the databa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-21464

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：72 | 回复：0
CVE漏洞

CVE-2021-21463

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-21462

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：88 | 回复：0
CVE漏洞

CVE-2021-21461

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-21460

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：85 | 回复：0
CVE漏洞

CVE-2021-21459

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-21458

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：82 | 回复：0
CVE漏洞

CVE-2021-21457

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：95 | 回复：0
CVE漏洞

CVE-2021-21456

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：100 | 回复：0
CVE漏洞

CVE-2021-21455

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：93 | 回复：0
CVE漏洞

CVE-2021-21454

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：100 | 回复：0
CVE漏洞

CVE-2021-21453

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：107 | 回复：0
CVE漏洞

CVE-2021-21452

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：86 | 回复：0
CVE漏洞

CVE-2021-21451

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：93 | 回复：0
CVE漏洞

CVE-2021-21450

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：81 | 回复：0
CVE漏洞

CVE-2021-21449

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-21448

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can acces ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：79 | 回复：0