
CVE Vulnerabilities

  • CVE-2021-46201
    An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 25 | Replies: 0
  • CVE-2021-46307
    An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 24 | Replies: 0
  • CVE-2022-23220
    USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authenticat ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 25 | Replies: 0
  • CVE-2021-46308
    An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 28 | Replies: 0
  • CVE-2021-46309
    An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 21 | Replies: 0
  • CVE-2020-4875
    IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 24 | Replies: 0
  • CVE-2020-4876
    IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 25 | Replies: 0
  • CVE-2020-4877
    IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 26 | Replies: 0
  • CVE-2020-4879
    IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 27 | Replies: 0
  • CVE-2021-4016
    Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 26 | Replies: 0
  • CVE-2022-0323
    Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 25 | Replies: 0
  • CVE-2021-23195
    Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 22 | Replies: 0
  • CVE-2021-23196
    The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 25 | Replies: 0
  • CVE-2021-23207
    An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 28 | Replies: 0
  • CVE-2021-23233
    Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoint ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 31 | Replies: 0
  • CVE-2021-23236
    Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the ra ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 26 | Replies: 0
  • CVE-2021-31562
    The SSL/TLS configuration of Fresenius Kabi Agilia Link+ version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to e ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 29 | Replies: 0
  • CVE-2021-33843
    Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values su ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 31 | Replies: 0
  • CVE-2021-33846
    Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possess ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 29 | Replies: 0
  • CVE-2021-33848
    Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP req ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 33 | Replies: 0
  • CVE-2021-33966
    Cross site scripting (XSS) vulnerability in spotweb 1.4.9 allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 44 | Replies: 0
  • CVE-2021-40247
    SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username field.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 45 | Replies: 0
  • CVE-2021-41835
    Fresenius Kabi Agilia Link+ version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but t ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 36 | Replies: 0
  • CVE-2021-43355
    Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on th ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 43 | Replies: 0
  • CVE-2021-44464
    Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on al ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 45 | Replies: 0
  • CVE-2021-44593
    Simple College Website 1.0 is vulnerable to unauthenticated file upload remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 46 | Replies: 0
  • CVE-2021-4001
    A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a speci ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 48 | Replies: 0
  • CVE-2021-4032
    A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 58 | Replies: 0
  • CVE-2022-23127
    Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker t ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 57 | Replies: 0
  • CVE-2022-23128
    Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper H ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 70 | Replies: 0
  • CVE-2022-23129
    Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attac ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 79 | Replies: 0
  • CVE-2022-23130
    Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 120 | Replies: 0
  • CVE-2022-23728
    Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 159 | Replies: 0
  • CVE-2021-23460
    The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 125 | Replies: 0
  • CVE-2021-23518
    The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which al ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 99 | Replies: 0
  • CVE-2021-23631
    This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could re ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 73 | Replies: 0
  • CVE-2021-23664
    The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 51 | Replies: 0
  • CVE-2021-40595
    SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Log ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 52 | Replies: 0
  • CVE-2021-36338
    Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 36 | Replies: 0
  • CVE-2021-36339
    The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:09 | Views: 38 | Replies: 0
