Search results for CVSS scores in the range [7, 9.9] (27557)

CVE-2012-4449 (Published: 2017-10-30 15:29:00) NM

[Original text] Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

CVE-2013-4366 (Published: 2017-10-30 15:29:00) NM

[Original text] http/impl/client/ in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

CVE-2014-0115 (Published: 2017-10-30 12:29:00) NM

[Original text] Directory traversal vulnerability in the log viewer in Apache Storm allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

CVE-2017-9450 (Published: 2017-10-30 10:29:00) NMS

[Original text] The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

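CVE-2012-5357 (Published: 2017-10-30 10:29:00) NMCOEPS

[CNNVD] Ektron CMS 'XslCompiledTransform' class remote code execution vulnerability -- Ektron CMS is an enterprise-level web content management system. The XslCompiledTransform class in Ektron CMS versions before 8.02 Service Pack 5 has a security vulnerability when processing user-submitted XSL data; if the enablescript setting is enabled when the XslCompiledTransform class is used, remote attack...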

CVE-2012-5358 (Published: 2017-10-30 10:29:00) NMO

[Original text] The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
