查看最新发布的CVE列表 (117555)

CVE-2018-8013(发布:2018-05-24 12:29:00)NMPS
CVSSN/A

[原文]In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

CVE-2018-5485(发布:2018-05-24 10:29:00)NM
CVSSN/A

[原文]NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.

CVE-2018-5487(发布:2018-05-24 10:29:00)NM
CVSSN/A

[原文]NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

CVE-2018-7902(发布:2018-05-24 10:29:00)NM
CVSSN/A

[原文]Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

CVE-2018-7903(发布:2018-05-24 10:29:00)NM
CVSSN/A

[原文]Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

CVE-2018-7904(发布:2018-05-24 10:29:00)NM
CVSSN/A

[原文]Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

12345678下一页尾页 第1页 / 共19593页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站