CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：11 | 回复：0
CVE-2021-30564

Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：13 | 回复：0
CVE-2021-32803

The npm package tar (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guaran ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：16 | 回复：0
CVE-2021-32804

The npm package tar (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2021-33320

The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2021-33321

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The por ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：15 | 回复：0
CVE-2021-33322

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their pas ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：20 | 回复：0
CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：15 | 回复：0
CVE-2021-33324

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE-2021-33325

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：23 | 回复：0
CVE-2021-33326

Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：19 | 回复：0
CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-33328

Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：14 | 回复：0
CVE-2021-33330

Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2021-35343

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by entici ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：22 | 回复：0
CVE-2021-36542

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x5.1.23 and v6.0.x 6.0.16 allows a remote attacker to lock any document without victim's knowledge, b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2021-36543

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x 5.1.23 and v6.0.x 6.0.16 allows a remote attacker to unlock any document without victim's knowled ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：19 | 回复：0
CVE-2021-36701

In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-36702

The content field in the regular post page of the add content menu under dashboard in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：17 | 回复：0
CVE-2021-36703

The blog title field in the Settings menu config page of dashboard in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：16 | 回复：0
CVE-2021-30565

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds me ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-30566

Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE-2021-30567

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：19 | 回复：0
CVE-2021-30568

Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：19 | 回复：0
CVE-2021-30569

Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2021-30571

Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2021-30572

Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE-2021-30573

Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：65 | 回复：0
CVE-2021-30574

Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：66 | 回复：0
CVE-2021-30575

Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：45 | 回复：0
CVE-2021-30576

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE-2021-30577

Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0
CVE-2021-30578

Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0
CVE-2021-30579

Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：53 | 回复：0
CVE-2021-30580

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0
CVE-2021-30581

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：57 | 回复：0
CVE-2021-30582

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2021-30583

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE-2021-30584

Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：46 | 回复：0
CVE-2021-30585

Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0