漏洞 - 第979页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-26575

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-26574

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-26573

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-25172

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-21305

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. In Netty before version 4.1.59.Final ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-21288

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of \xa0 characters in the www-authenticate header may ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-26572

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-26571

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-26570

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-25171

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-25170

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-25169

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-25168

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-7786

This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-7785

This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-7782

This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-25837

Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage change ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-25836

Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-25835

Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-25834

Cosmos Network Ethermint = v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction throu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-25142

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility meth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-26541

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the allowedIframeHostnames option when the allowIframeRelativeUrls is set to true, which allows attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-26539

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the allowed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-6649

An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-3293

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be loca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-26825

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-20359

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-20358

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-16629

PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-26052

Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-26051

College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-21436

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-21435

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-21434

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：41 | 回复：0