CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-21809

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have admi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：39 | 回复：0
CVE-2021-34067

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：18 | 回复：0
CVE-2021-34068

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-34069

Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-34070

Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2021-34071

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-2322

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to comprom ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2021-32823

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinDat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2021-35041

The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2021-28800

A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-25649

** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：12 | 回复：0
CVE-2021-25650

** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2021-25651

** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2021-25652

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-25653

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 thr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：23 | 回复：0
CVE-2021-25655

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：16 | 回复：0
CVE-2021-25656

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2020-7862

A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2021-21737

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-25923

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：18 | 回复：0
CVE-2020-28097

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-26585

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Globa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-31412

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-33604

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：12 | 回复：0
CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may sen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：26 | 回复：0
CVE-2021-23992

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-23993

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：12 | 回复：0
CVE-2021-23994

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：26 | 回复：0
CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：28 | 回复：0
CVE-2021-23996

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-23997

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2021-23998

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2021-23999

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-24000

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-24002

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2021-27658

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to ot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：14 | 回复：0
CVE-2021-27659

exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffecte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0