CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-28556

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：32 | 回复：0
CVE-2021-28562

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search que ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-28563

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：30 | 回复：0
CVE-2021-28570

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：31 | 回复：0
CVE-2021-28573

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2021-28574

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-28575

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：42 | 回复：0
CVE-2021-28576

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2021-28583

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：22 | 回复：0
CVE-2021-28584

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：32 | 回复：0
CVE-2021-28585

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：22 | 回复：0
CVE-2021-28586

After Effects version 18.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：17 | 回复：0
CVE-2021-28587

After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2021-28579

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：47 | 回复：0
CVE-2021-28588

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：18 | 回复：0
CVE-2021-28597

Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions aga ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：36 | 回复：0
CVE-2021-28623

Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions agai ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：39 | 回复：0
CVE-2021-35456

Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：16 | 回复：0
CVE-2021-3556

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Assigned but a duplicate for CVE-2021-3559.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：15 | 回复：0
CVE-2020-23710

Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications data feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：20 | 回复：0
CVE-2021-20413

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：34 | 回复：0
CVE-2021-20494

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-20572

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：27 | 回复：0
CVE-2021-20573

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：28 | 回复：0
CVE-2021-20574

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulner ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2021-29693

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：51 | 回复：0
CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：36 | 回复：0
CVE-2021-29775

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Ja ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2021-32719

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：71 | 回复：0
CVE-2021-34187

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：22 | 回复：0
CVE-2021-34254

Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：29 | 回复：0
CVE-2020-23711

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：25 | 回复：0
CVE-2020-23715

Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2021-35523

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the Open ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：30 | 回复：0
CVE-2020-20640

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2021-35525

PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：21 | 回复：0
CVE-2020-22607

Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：26 | 回复：0
CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:52 | 阅读：20 | 回复：0
CVE-2021-0559

In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：16 | 回复：0