CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which ar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：32 | 回复：0
CVE-2020-14424

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：16 | 回复：0
CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP reques ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-26795

A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Man ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：23 | 回复：0
CVE-2021-41057

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-43272

An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-43273

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：13 | 回复：0
CVE-2021-43274

A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：25 | 回复：0
CVE-2021-43275

A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：26 | 回复：0
CVE-2021-43276

An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：17 | 回复：0
CVE-2021-43277

An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：12 | 回复：0
CVE-2021-43278

An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the en ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：8 | 回复：0
CVE-2021-43279

An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：20 | 回复：0
CVE-2021-43280

A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the len ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：12 | 回复：0
CVE-2021-43336

An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：13 | 回复：0
CVE-2021-43390

An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：12 | 回复：0
CVE-2021-43391

An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：17 | 回复：0
CVE-2021-43618

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：25 | 回复：0
CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：21 | 回复：0
CVE-2021-41289

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：16 | 回复：0
CVE-2021-42838

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：6 | 回复：0
CVE-2021-42839

Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：9 | 回复：0
CVE-2021-43495

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：7 | 回复：0
CVE-2021-42706

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：12 | 回复：0
CVE-2020-12964

A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows Bu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-22959

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp v2.1.4 and v6.0.6.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-42703

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：7 | 回复：0
CVE-2021-43574

** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects produc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：9 | 回复：0
CVE-2020-12895

Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：18 | 回复：0
CVE-2020-12897

Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：15 | 回复：0
CVE-2020-12899

Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：21 | 回复：0
CVE-2020-12900

An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：24 | 回复：0
CVE-2020-12902

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：23 | 回复：0
CVE-2020-12904

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：10 | 回复：0
CVE-2020-12920

A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：6 | 回复：0
CVE-2020-12929

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：12 | 回复：0
CVE-2020-12963

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：11 | 回复：0
CVE-2021-34991

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：23 | 回复：0
CVE-2021-34992

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：17 | 回复：0
CVE-2021-38974

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：11 | 回复：0