漏洞 - 第953页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-21604

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-21603

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-21602

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-20616

Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：72 | 回复：0
CVE漏洞

CVE-2020-5686

Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-5685

UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted requ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-5633

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controll ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：89 | 回复：0
CVE漏洞

CVE-2020-35686

The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-36191

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：67 | 回复：0
CVE漏洞

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-23936

OX App Suite through 7.10.4 allows XSS via the subject of a task.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-23935

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-23934

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-23933

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-23932

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-23931

OX App Suite through 7.10.4 allows XSS via an inline binary file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-23930

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：72 | 回复：0
CVE漏洞

CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/share-token?delivery=view URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-27364

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-27363

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-26814

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit inco ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-27581

The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-28042

Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-3420

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-3377

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-29030

Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-29029

Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：51 | 回复：0
CVE漏洞

CVE-2020-29028

Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-29020

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-27257

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-27256

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-27255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific fla ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-26705

An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-28040

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-28039

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-28038

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-27099

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the aws_iid Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuanc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：52 | 回复：0