Search results for CVSS scores in the range [7, 9.9] (27557)

CVE-2012-4449 (published: 2017-10-30 15:29:00) NM
CVSS 7.5

[Original] Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

CVE-2013-4366 (published: 2017-10-30 15:29:00) NM
CVSS 7.5

[Original] http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

CVE-2014-0115 (published: 2017-10-30 12:29:00) NM
CVSS 7.8

[Original] Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

CVE-2017-9450 (published: 2017-10-30 10:29:00) NMS
CVSS 7.2

[Original] The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

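CVE-2012-5357 (published: 2017-10-30 10:29:00) NMCOEPS
CVSS 7.5

[CNNVD] Ektron CMS 'XslCompiledTransform' class remote code execution vulnerability: Ektron CMS is an enterprise-grade web content management system. The XslCompiledTransform class in Ektron CMS versions before 8.02 Service Pack 5 has a security vulnerability when processing user-submitted XSL data; if the enablescript setting is enabled when the XslCompiledTransform class is used, remote attackers...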

CVE-2012-5358 (published: 2017-10-30 10:29:00) NMO
CVSS 7.5

[Original] The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
