CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-22886

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0
CVE-2020-22907

Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：23 | 回复：0
CVE-2021-20360

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE-2021-20361

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：40 | 回复：0
CVE-2021-20362

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE-2021-20363

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-20364

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-20365

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：32 | 回复：0
CVE-2021-20366

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-20368

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-20369

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE-2021-20422

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：20 | 回复：0
CVE-2021-20423

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：23 | 回复：0
CVE-2021-20424

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：16 | 回复：0
CVE-2021-34552

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL point ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：22 | 回复：0
CVE-2021-31217

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0
CVE-2021-36214

LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0
CVE-2021-21994

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：47 | 回复：0
CVE-2021-21995

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-22000

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE-2021-32755

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2020-19715

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate is a duplicate of CVE-2019-13110. Notes: All CVE users should reference CVE-2019-13110 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2020-19716

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：43 | 回复：0
CVE-2020-19717

An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2020-19718

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：42 | 回复：0
CVE-2020-19719

A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：36 | 回复：0
CVE-2020-19720

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2020-19721

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：45 | 回复：0
CVE-2020-19722

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE-2021-20747

Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：37 | 回复：0
CVE-2021-20748

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an exter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2021-20781

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：37 | 回复：0
CVE-2021-20782

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE-2021-20784

HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：32 | 回复：0
CVE-2021-36373

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2021-22318

A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-25953

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE-2021-33667

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0