漏洞 - 第988页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-20016

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-3401

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-26023

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0
CVE漏洞

CVE-2020-9390

SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：62 | 回复：0
CVE漏洞

CVE-2020-9389

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a diff ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：72 | 回复：0
CVE漏洞

CVE-2020-9388

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-23331

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like sys ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-8589

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-8588

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：76 | 回复：0
CVE漏洞

CVE-2020-18724

Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：72 | 回复：0
CVE漏洞

CVE-2020-18723

Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially mal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：56 | 回复：0
CVE漏洞

CVE-2019-16268

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-25275

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-25274

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated client ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：80 | 回复：0
CVE漏洞

CVE-2020-8294

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-25857

The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() ope ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：49 | 回复：0
CVE漏洞

CVE-2020-25856

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：59 | 回复：0
CVE漏洞

CVE-2020-25855

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, result ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-25854

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：66 | 回复：0
CVE漏洞

CVE-2020-25853

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：70 | 回复：0
CVE漏洞

CVE-2020-17523

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：74 | 回复：0
CVE漏洞

CVE-2020-17516

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and une ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-25778

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-25776

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-25775

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：85 | 回复：0
CVE漏洞

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-25773

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-25772

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-25771

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-25769

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-25766

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-25765

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-25763

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：68 | 回复：0
CVE漏洞

CVE-2020-26773

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0