CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-29946

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox E ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2021-29947

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：5 | 回复：0
CVE-2021-29948

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-29949

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer h ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2021-29950

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected stat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2021-29951

The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-29953

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：14 | 回复：0
CVE-2021-29954

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/2 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：33 | 回复：0
CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：26 | 回复：0
CVE-2021-29956

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for thos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：34 | 回复：0
CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：32 | 回复：0
CVE-2021-29958

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability af ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：28 | 回复：0
CVE-2021-29959

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：8 | 回复：0
CVE-2021-29961

When styling and rendering an oversized `select` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox 89.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2021-29962

Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2021-29964

A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-29966

Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-29967

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-29968

When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2021-32944

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：17 | 回复：0
CVE-2021-32948

An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：26 | 回复：0
CVE-2021-32950

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can resul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：20 | 回复：0
CVE-2021-32952

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：23 | 回复：0
CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：27 | 回复：0
CVE-2021-34825

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：20 | 回复：0
CVE-2020-25414

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：10 | 回复：0
CVE-2021-32078

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：19 | 回复：0
CVE-2013-20002

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：11 | 回复：0
CVE-2020-19202

An authenticated Stored XSS (Cross-site Scripting) exists in the captive.cgi Captive Portal via the Title of Login Page text box or TITLE parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：12 | 回复：0
CVE-2020-35373

In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：14 | 回复：0
CVE-2021-29706

IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：11 | 回复：0
CVE-2021-23396

All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：17 | 回复：0
CVE-2021-32681

Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the ` ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：12 | 回复：0
CVE-2020-36388

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：11 | 回复：0
CVE-2020-36389

In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：8 | 回复：0
CVE-2021-32575

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：6 | 回复：0