当前节点:cve-famous
时间节点
2021-04-23 10:12:20知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.

Jenkins Config File Provider Plugin 3.7.0及更早版本不在多个 HTTP 端点执行权限检查,攻击者使用 Overall/Read 权限枚举配置文件 id。
2021-04-23 10:12:18知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

Jenkins Config File Provider Plugin 3.7.0及更早版本中的一个跨站请求伪造安全漏洞允许攻击者删除与攻击者指定的 ID 对应的配置文件。
2021-04-23 10:12:15知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.

Jenkins Config File Provider Plugin 3.7.0及更早版本在多个 HTTP 端点中不能正确执行权限检查,允许具有全局作业/配置权限的攻击者枚举存储在 Jenkins 中的凭据的系统范围的凭据 id。
2021-04-23 10:12:13知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Jenkins Config File Provider Plugin 3.7.0及更早版本没有配置其 XML 解析器以防止 XML 外部实体(XXE)攻击。
2021-04-23 10:12:04知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:IBM WebSphere
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

IBM WebSphere Application Server 7.0、8.0、8.5和9.0在处理 XML 数据时容易受到 XML 外部实体注入(XXE)攻击。远程攻击者可以利用此漏洞公开敏感信息或消耗内存资源。196649.
2021-04-23 10:11:06知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:通达
2021-04-21 18:11:31知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:IBM WebSphere
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

IBM WebSphere Application Server 8.0、8.5和9.0在处理 XML 数据时容易受到 XML 外部实体注入(XXE)攻击。远程攻击者可以利用此漏洞公开敏感信息或消耗内存资源。196648.
2021-04-20 22:12:54知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Django
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch).

Wagtail 是一个 Django 内容管理系统。在受影响的 Wagtail 版本中,当在管理界面中保存富文本字段的内容时,Wagtail 不应用服务器端检查来确保链接 url 使用有效的协议。一个恶意用户访问管理界面,因此可以编造一个 POST 请求,用包含任意代码的‘ javascript:’url 发布内容。这个漏洞不会被没有访问 Wagtail 管理员的普通站点访问者利用。查看引用的 GitHub 通知了解更多细节,包括一个变通方案。修补后的版本已经发布为 Wagtail 2.11.7(针对 LTS 2.11分支)和 Wagtail 2.12.4(针对当前的2.12分支)。
2021-04-17 10:09:27知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Apache
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.

2021-04-17 10:09:15知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:F5
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.

2021-04-17 10:08:59知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Spring Boot
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

2021-04-17 10:08:36知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:通达
2021-04-16 14:08:47知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:用友
2021-04-16 14:08:42知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:泛微
2021-04-16 14:08:38知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:用友
2021-04-15 18:10:00知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Django
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

2021-04-15 18:09:40知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Apache
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contain
2021-04-15 18:09:32知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.

2021-04-15 18:09:30知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.

2021-04-15 18:09:02知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jira
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https.

2021-04-15 18:09:01知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jira
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

2021-04-15 18:08:56知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:F5
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

2021-04-15 18:08:47知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jira
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.

2021-04-14 19:27:53知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482.

2021-04-14 19:27:52知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.

2021-04-14 19:27:51知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483.

2021-04-14 19:27:50知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483.

2021-04-14 19:27:24知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Outlook
Microsoft Outlook Memory Corruption Vulnerability

2021-04-14 19:27:22知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Microsoft SharePoint
Microsoft SharePoint Denial of Service Update

2021-04-14 19:24:55知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

2021-04-14 19:24:53知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree.

2021-04-14 19:24:50知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.

2021-04-14 19:23:50知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.

2021-04-14 19:23:49知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.

2021-04-14 19:23:46知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.

2021-04-13 23:25:53知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Solr
有新的漏洞组件被发现啦,组件ID:Apache Solr
有新的漏洞组件被发现啦,组件ID:Apache
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

2021-04-13 23:25:49知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Apache
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

2021-04-13 23:25:36知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Solr
有新的漏洞组件被发现啦,组件ID:Apache Solr
有新的漏洞组件被发现啦,组件ID:Apache
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

2021-04-13 23:24:51知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Solr
有新的漏洞组件被发现啦,组件ID:Apache Solr
有新的漏洞组件被发现啦,组件ID:Apache
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

2021-04-13 23:21:08知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:GitLab
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token

2021-04-10 19:09:27知名组件CVE监控
2021-04-09 20:00:14知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.

2021-04-09 20:00:11知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.

2021-04-09 20:00:08知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates.

2021-04-09 20:00:03知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions.

2021-04-09 19:59:53知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:IBM WebSphere
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

2021-04-09 19:59:23知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jira
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.

2021-04-09 19:59:18知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:ZCMS
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

2021-04-09 00:02:40知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Docker
有新的漏洞组件被发现啦,组件ID:Apache
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).

2021-04-09 00:02:21知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.

2021-04-09 00:02:15知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.

2021-04-09 00:02:13知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

2021-04-09 00:02:02知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Cisco IOS
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges.

2021-04-08 04:00:18知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Seafile
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."

2021-04-08 04:00:09知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Django
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

2021-04-08 03:59:30知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:F5
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.