CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-18440

Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE-2020-20657

Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE-2020-20658

Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：48 | 回复：0
CVE-2020-21572

Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2020-21573

An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2020-21574

Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：42 | 回复：0
CVE-2020-23685

SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0
CVE-2020-23686

Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE-2020-23718

Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：62 | 回复：0
CVE-2020-23719

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：47 | 回复：0
CVE-2020-23754

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：70 | 回复：0
CVE-2021-26107

An improper access control vulnerability in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs usi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：74 | 回复：0
CVE-2021-32595

Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：76 | 回复：0
CVE-2021-36172

An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consume ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：72 | 回复：0
CVE-2021-36181

A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE-2021-41019

An improper validation of certificate with host mismatch vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-41232

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：78 | 回复：0
CVE-2021-41238

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authoriz ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2020-15935

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：60 | 回复：0
CVE-2021-36174

A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：59 | 回复：0
CVE-2021-36176

Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：43 | 回复：0
CVE-2021-36183

An improper authorization vulnerability in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：69 | 回复：0
CVE-2021-36184

A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database inf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：51 | 回复：0
CVE-2021-36185

A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or comman ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：59 | 回复：0
CVE-2021-36186

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：45 | 回复：0
CVE-2021-36187

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP req ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：68 | 回复：0
CVE-2021-41022

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0
CVE-2021-41023

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：49 | 回复：0
CVE-2021-42754

An improper control of generation of code vulnerability in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：62 | 回复：0
CVE-2018-6044

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16064. Reason: This candidate is a reservation duplicate of CVE-2018-16064. Notes: All CVE users should reference CVE-2018-16064 ins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2018-6058

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11215. Reason: This candidate is a reservation duplicate of CVE-2017-11215. Notes: All CVE users should reference CVE-2017-11215 ins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：65 | 回复：0
CVE-2018-6059

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11225. Reason: This candidate is a reservation duplicate of CVE-2017-11225. Notes: All CVE users should reference CVE-2017-11225 ins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：59 | 回复：0
CVE-2019-5863

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：58 | 回复：0
CVE-2021-30631

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：81 | 回复：0
CVE-2021-37960

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：71 | 回复：0
CVE-2021-37977

Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：54 | 回复：0
CVE-2021-37978

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0
CVE-2021-37979

heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：43 | 回复：0
CVE-2021-37980

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2017-5123

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0