漏洞 - 第961页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-25331

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-24032

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-24031

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：67 | 回复：0
CVE漏洞

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-35636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh-volume() OOB read. A specially craft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：67 | 回复：0
CVE漏洞

CVE-2020-35628

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh-in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-28636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh-tw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：59 | 回复：0
CVE漏洞

CVE-2020-28601

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-20350

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-20340

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：75 | 回复：0
CVE漏洞

CVE-2020-4975

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-4866

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-4863

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-4857

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-4856

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-27217

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message receive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-26029

An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-26028

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-26027

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-23132

An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-23131

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-23130

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-23129

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-23128

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-23127

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-23126

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-22128

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：70 | 回复：0
CVE漏洞

CVE-2020-15938

When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-23344

The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-35329

Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：71 | 回复：0
CVE漏洞

CVE-2020-35328

Courier Management System 1.0 - 'First Name' Stored XSS……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：62 | 回复：0
CVE漏洞

CVE-2020-35327

SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-22189

Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-22183

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-24914

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable strProfileData and allows an unauthenticated attacker to execute ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-24913

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-24912

A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：48 | 回复：0