漏洞 - 第994页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-23271

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Sit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：107 | 回复：0
CVE漏洞

CVE-2021-21291

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：122 | 回复：0
CVE漏洞

CVE-2021-21289

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：132 | 回复：0
CVE漏洞

CVE-2021-20199

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：112 | 回复：0
CVE漏洞

CVE-2020-7775

This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：124 | 回复：0
CVE漏洞

CVE-2020-28498

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：125 | 回复：0
CVE漏洞

CVE-2021-21285

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：126 | 回复：0
CVE漏洞

CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using --userns-r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：127 | 回复：0
CVE漏洞

CVE-2020-15097

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. Al ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：134 | 回复：0
CVE漏洞

CVE-2019-25018

In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：125 | 回复：0
CVE漏洞

CVE-2019-25017

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：107 | 回复：0
CVE漏洞

CVE-2021-25310

** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：127 | 回复：0
CVE漏洞

CVE-2020-4934

IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arb ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：112 | 回复：0
CVE漏洞

CVE-2020-18568

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：130 | 回复：0
CVE漏洞

CVE-2020-25506

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：139 | 回复：0
CVE漏洞

CVE-2020-8101

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same netwo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：97 | 回复：0
CVE漏洞

CVE-2020-28495

This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：124 | 回复：0
CVE漏洞

CVE-2020-28494

This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：112 | 回复：0
CVE漏洞

CVE-2021-3281

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by startapp --template and startproject --template) allows directory traversal via a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：118 | 回复：0
CVE漏洞

CVE-2021-20207

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2021-3348. Reason: This candidate is a reservation duplicate of CVE-2021-3348. Notes: All CVE users should reference CVE-2021-3348 instead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：96 | 回复：0
CVE漏洞

CVE-2020-24335

An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：95 | 回复：0
CVE漏洞

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：116 | 回复：0
CVE漏洞

CVE-2020-25036

UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：132 | 回复：0
CVE漏洞

CVE-2020-25035

UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：129 | 回复：0
CVE漏洞

CVE-2020-25037

UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：116 | 回复：0
CVE漏洞

CVE-2020-36231

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：104 | 回复：0
CVE漏洞

CVE-2020-14192

Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：109 | 回复：0
CVE漏洞

CVE-2021-3378

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a Content-Type: image/png header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：106 | 回复：0
CVE漏洞

CVE-2021-3340

A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：106 | 回复：0
CVE漏洞

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a Re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：104 | 回复：0
CVE漏洞

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：117 | 回复：0
CVE漏洞

CVE-2019-20470

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the wa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：111 | 回复：0
CVE漏洞

CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：119 | 回复：0
CVE漏洞

CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：117 | 回复：0
CVE漏洞

CVE-2021-21287

MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target app ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：108 | 回复：0
CVE漏洞

CVE-2020-21180

Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：100 | 回复：0
CVE漏洞

CVE-2020-21179

Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：115 | 回复：0
CVE漏洞

CVE-2020-21176

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：109 | 回复：0
CVE漏洞

CVE-2020-20296

An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：116 | 回复：0
CVE漏洞

CVE-2020-20295

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:36 | 阅读：118 | 回复：0