CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-21739

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE-2021-21863

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：26 | 回复：0
CVE-2021-22240

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：23 | 回复：0
CVE-2021-22241

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：27 | 回复：0
CVE-2021-23849

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requir ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：26 | 回复：0
CVE-2021-25443

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE-2021-25444

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE-2021-25445

Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE-2021-25446

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE-2021-25447

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE-2021-25448

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't igno ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE-2021-29970

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：16 | 回复：0
CVE-2021-29971

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects F ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：26 | 回复：0
CVE-2021-29972

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabiliti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：20 | 回复：0
CVE-2021-29973

Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE-2021-29974

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：21 | 回复：0
CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：53 | 回复：0
CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：34 | 回复：0
CVE-2021-29977

Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：21 | 回复：0
CVE-2021-29978

Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN 2.3.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE-2021-32576

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE-2021-32577

Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE-2021-32578

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：27 | 回复：0
CVE-2021-32579

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE-2021-32580

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE-2021-32581

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not impleme ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE-2021-33596

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requir ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE-2021-33597

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be trigg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：25 | 回复：0
CVE-2021-34371

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE-2021-34631

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web script ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE-2021-35306

An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：78 | 回复：0
CVE-2021-35307

An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the AP4_DescriptorFinder::Test component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE-2021-36584

An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：27 | 回复：0
CVE-2021-37614

In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the datab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：44 | 回复：0
CVE-2021-37859

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE-2021-3679

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE-2021-3682

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE-2020-7863

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE-2021-1630

XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：54 | 回复：0