• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2022-22790
    CVE-2022-22790
    SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the Name parameter the attacker can r ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:139 | 回复:0
  • CVE-2022-22791
    CVE-2022-22791
    SYNEL - eharmony Authenticated Blind Stored XSS. Inject JS code into the comments field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:119 | 回复:0
  • CVE-2022-22938
    CVE-2022-22938
    VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueTyp ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:110 | 回复:0
  • CVE-2022-22992
    CVE-2022-22992
    A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerab ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:109 | 回复:0
  • CVE-2022-22993
    CVE-2022-22993
    A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:100 | 回复:0
  • CVE-2022-22994
    CVE-2022-22994
    A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insuf ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:86 | 回复:0
  • CVE-2022-23456
    CVE-2022-23456
    Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:86 | 回复:0
  • CVE-2022-23727
    CVE-2022-23727
    There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:78 | 回复:0
  • CVE-2022-23979
    CVE-2022-23979
    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions = 3.0.15).……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:76 | 回复:0
  • CVE-2022-23887
    CVE-2022-23887
    YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:81 | 回复:0
  • CVE-2022-23888
    CVE-2022-23888
    YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:76 | 回复:0
  • CVE-2022-23889
    CVE-2022-23889
    The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:83 | 回复:0
  • CVE-2021-23484
    CVE-2021-23484
    The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:93 | 回复:0
  • CVE-2021-23558
    CVE-2021-23558
    The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in (https://security.snyk ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:91 | 回复:0
  • CVE-2021-23760
    CVE-2021-23760
    The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:09 | 阅读:88 | 回复:0
  • CVE-2021-46033
    CVE-2021-46033
    In ForestBlog, as of 2021-12-28, File upload can bypass verification.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:66 | 回复:0
  • CVE-2021-46089
    CVE-2021-46089
    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:71 | 回复:0
  • CVE-2021-34865
    CVE-2021-34865
    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The s ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:59 | 回复:0
  • CVE-2021-34866
    CVE-2021-34866
    This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the tar ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:64 | 回复:0
  • CVE-2021-34867
    CVE-2021-34867
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:58 | 回复:0
  • CVE-2021-34868
    CVE-2021-34868
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:63 | 回复:0
  • CVE-2021-34869
    CVE-2021-34869
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:56 | 回复:0
  • CVE-2021-34870
    CVE-2021-34870
    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:49 | 回复:0
  • CVE-2021-43863
    CVE-2021-43863
    The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the pr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:63 | 回复:0
  • CVE-2021-46034
    CVE-2021-46034
    A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:67 | 回复:0
  • CVE-2021-46083
    CVE-2021-46083
    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:55 | 回复:0
  • CVE-2021-46084
    CVE-2021-46084
    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via close registration information input box.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:52 | 回复:0
  • CVE-2021-46085
    CVE-2021-46085
    OneBlog = 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:51 | 回复:0
  • CVE-2021-46086
    CVE-2021-46086
    xzs-mysql = t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitt ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:55 | 回复:0
  • CVE-2021-46087
    CVE-2021-46087
    In jfinal_cms = 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:53 | 回复:0
  • CVE-2021-39031
    CVE-2021-39031
    IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could e ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:63 | 回复:0
  • CVE-2022-0351
    CVE-2022-0351
    Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:68 | 回复:0
  • CVE-2021-38129
    CVE-2021-38129
    Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:60 | 回复:0
  • CVE-2021-40158
    CVE-2021-40158
    A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arb ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:64 | 回复:0
  • CVE-2021-40159
    CVE-2021-40159
    An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:66 | 回复:0
  • CVE-2021-40167
    CVE-2021-40167
    A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and prior may lead to remote code execution through maliciously crafted DWF and TGA files.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:55 | 回复:0
  • CVE-2021-40337
    CVE-2021-40337
    Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive i ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:58 | 回复:0
  • CVE-2021-41598
    CVE-2021-41598
    A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:63 | 回复:0
  • CVE-2021-43298
    CVE-2021-43298
    The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacke ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:55 | 回复:0
  • CVE-2021-45729
    CVE-2021-45729
    The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions = 1.8.0) allows authenticated low-role users to create, edit, and delete maps.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:65 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap