CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to inc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：18 | 回复：0
CVE-2021-32774

DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or del ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：6 | 回复：0
CVE-2021-26081

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE-2021-26082

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：18 | 回复：0
CVE-2021-26083

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：6 | 回复：0
CVE-2019-25050

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE-2019-25051

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：25 | 回复：0
CVE-2020-36428

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：26 | 回复：0
CVE-2020-36429

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：10 | 回复：0
CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：9 | 回复：0
CVE-2020-36431

Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：10 | 回复：0
CVE-2021-35054

Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE-2021-36976

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：9 | 回复：0
CVE-2021-36977

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：23 | 回复：0
CVE-2021-36979

Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：30 | 回复：0
CVE-2021-36980

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：21 | 回复：0
CVE-2020-7866

When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：10 | 回复：0
CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system' ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：21 | 回复：0
CVE-2021-24022

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：13 | 回复：0
CVE-2021-26095

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：20 | 回复：0
CVE-2021-27021

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：38 | 回复：0
CVE-2021-32463

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：31 | 回复：0
CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：24 | 回复：0
CVE-2021-22235

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：14 | 回复：0
CVE-2021-27338

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：9 | 回复：0
CVE-2021-27517

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：28 | 回复：0
CVE-2020-35427

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE-2021-32667

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE-2021-32668

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：18 | 回复：0
CVE-2021-3246

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：21 | 回复：0
CVE-2021-32669

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE-2021-32767

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：15 | 回复：0
CVE-2021-20478

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：13 | 回复：0
CVE-2021-32763

OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the `MessagesController` class of OpenProject has a `quote` method that implements the logic behind the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：29 | 回复：0
CVE-2020-25205

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：34 | 回复：0
CVE-2020-25206

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：6 | 回复：0
CVE-2021-33909

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：5 | 回复：0
CVE-2021-33910

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：6 | 回复：0
CVE-2020-23284

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：16 | 回复：0