CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2019-13776

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: some publication ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：59 | 回复：0
CVE-2021-37981

Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：69 | 回复：0
CVE-2021-37982

Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0
CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：45 | 回复：0
CVE-2021-37984

Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2021-37986

Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2021-37987

Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2021-37988

Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：61 | 回复：0
CVE-2021-37989

Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0
CVE-2021-37991

Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2021-37992

Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2021-37993

Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：44 | 回复：0
CVE-2021-37995

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2021-37996

Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：44 | 回复：0
CVE-2021-42697

Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：59 | 回复：0
CVE-2021-43264

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory travers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-43265

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：71 | 回复：0
CVE-2021-43266

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：59 | 回复：0
CVE-2018-6122

Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：62 | 回复：0
CVE-2018-6125

Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2020-16048

Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：77 | 回复：0
CVE-2020-6492

Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：76 | 回复：0
CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient valida ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：79 | 回复：0
CVE-2021-43270

Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：61 | 回复：0
CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without powe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：72 | 回复：0
CVE-2021-20135

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Ag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：75 | 回复：0
CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：30 | 回复：0
CVE-2021-42694

An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using ho ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：49 | 回复：0
CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：44 | 回复：0
CVE-2015-10001

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：38 | 回复：0
CVE-2015-20019

The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：40 | 回复：0
CVE-2015-20067

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：34 | 回复：0
CVE-2018-25019

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：33 | 回复：0
CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：37 | 回复：0
CVE-2020-36504

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：32 | 回复：0
CVE-2020-36505

The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：33 | 回复：0
CVE-2021-24539

The Coming Soon, Under Construction Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming So ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:28 | 阅读：38 | 回复：0