• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号
登陆 注册
OStack程序员社区-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2021-25354
    CVE漏洞
    CVE-2021-25354
    Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:31 | 回复:0
  • CVE-2021-25353
    CVE漏洞
    CVE-2021-25353
    Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:23 | 回复:0
  • CVE-2021-25352
    CVE漏洞
    CVE-2021-25352
    Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:27 | 回复:0
  • CVE-2021-25351
    CVE漏洞
    CVE-2021-25351
    Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:33 | 回复:0
  • CVE-2021-25350
    CVE漏洞
    CVE-2021-25350
    Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:27 | 回复:0
  • CVE-2021-25349
    CVE漏洞
    CVE-2021-25349
    Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:26 | 回复:0
  • CVE-2021-21783
    CVE漏洞
    CVE-2021-21783
    A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HT ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:27 | 回复:0
  • CVE-2021-22659
    CVE漏洞
    CVE-2021-22659
    Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random valu ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:21 | 回复:0
  • CVE-2021-22496
    CVE漏洞
    CVE-2021-22496
    Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:26 | 回复:0
  • CVE-2020-6790
    CVE漏洞
    CVE-2020-6790
    Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:31 | 回复:0
  • CVE-2020-6789
    CVE漏洞
    CVE-2020-6789
    Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:30 | 回复:0
  • CVE-2020-6788
    CVE漏洞
    CVE-2020-6788
    Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:34 | 回复:0
  • CVE-2020-6787
    CVE漏洞
    CVE-2020-6787
    Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:54 | 阅读:30 | 回复:0
  • CVE-2020-8585
    CVE漏洞
    CVE-2020-8585
    OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:59 | 回复:0
  • CVE-2021-3337
    CVE漏洞
    CVE-2021-3337
    The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:63 | 回复:0
  • CVE-2021-3160
    CVE漏洞
    CVE-2021-3160
    Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a speci ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:35 | 回复:0
  • CVE-2021-20185
    CVE漏洞
    CVE-2021-20185
    It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of servi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:35 | 回复:0
  • CVE-2020-36115
    CVE漏洞
    CVE-2020-36115
    Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:30 | 回复:0
  • CVE-2020-35754
    CVE漏洞
    CVE-2020-35754
    OpenSolution Quick.CMS 6.7 and Quick.Cart 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:33 | 回复:0
  • CVE-2020-35517
    CVE漏洞
    CVE-2020-35517
    A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared dir ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:42 | 回复:0
  • CVE-2020-1725
    CVE漏洞
    CVE-2020-1725
    A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:50 | 回复:0
  • CVE-2020-1723
    CVE漏洞
    CVE-2020-1723
    The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mob ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:45 | 回复:0
  • CVE-2019-25016
    CVE漏洞
    CVE-2019-25016
    In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:44 | 回复:0
  • CVE-2021-25647
    CVE漏洞
    CVE-2021-25647
    Mobile application Testes de Codigo v11.3 and prior allows stored XSS by injecting a payload in the feedback message field causing it to be stored in the remote database and leading to its execution o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:40 | 回复:0
  • CVE-2021-20187
    CVE漏洞
    CVE-2021-20187
    It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authenticat ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:35 | 回复:0
  • CVE-2021-20186
    CVE漏洞
    CVE-2021-20186
    It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:65 | 回复:0
  • CVE-2021-20184
    CVE漏洞
    CVE-2021-20184
    It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:46 | 回复:0
  • CVE-2021-20183
    CVE漏洞
    CVE-2021-20183
    It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:80 | 回复:0
  • CVE-2020-26272
    CVE漏洞
    CVE-2020-26272
    The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:52 | 回复:0
  • CVE-2021-22875
    CVE漏洞
    CVE-2021-22875
    Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:49 | 回复:0
  • CVE-2021-22874
    CVE漏洞
    CVE-2021-22874
    Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:31 | 回复:0
  • CVE-2020-4888
    CVE漏洞
    CVE-2020-4888
    IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:37 | 回复:0
  • CVE-2020-4682
    CVE漏洞
    CVE-2020-4682
    IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit thi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:41 | 回复:0
  • CVE-2020-13569
    CVE漏洞
    CVE-2020-13569
    A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP r ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:48 | 回复:0
  • CVE-2021-20622
    CVE漏洞
    CVE-2021-20622
    Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecif ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:45 | 回复:0
  • CVE-2021-20621
    CVE漏洞
    CVE-2021-20621
    Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:52 | 回复:0
  • CVE-2021-20620
    CVE漏洞
    CVE-2021-20620
    Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:40 | 回复:0
  • CVE-2020-5626
    CVE漏洞
    CVE-2020-5626
    Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:39 | 回复:0
  • CVE-2021-3142
    CVE漏洞
    CVE-2021-3142
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 ins ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:33 | 回复:0
  • CVE-2020-35124
    CVE漏洞
    CVE-2020-35124
    A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:53 | 阅读:32 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap