CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31497

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-31498

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：18 | 回复：0
CVE-2021-31499

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0
CVE-2021-31500

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：14 | 回复：0
CVE-2021-31501

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：12 | 回复：0
CVE-2021-31502

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：9 | 回复：0
CVE-2020-21316

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2020-29214

SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：12 | 回复：0
CVE-2020-29215

A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2020-5000

IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：13 | 回复：0
CVE-2020-7864

Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：49 | 回复：0
CVE-2021-23395

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：26 | 回复：0
CVE-2021-27388

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0
CVE-2021-32683

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0
CVE-2021-33622

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootload ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：22 | 回复：0
CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=systemaction=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：22 | 回复：0
CVE-2021-34129

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：20 | 回复：0
CVE-2021-34170

Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：28 | 回复：0
CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is sm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：33 | 回复：0
CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is sma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：19 | 回复：0
CVE-2021-3594

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is sma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：25 | 回复：0
CVE-2021-24037

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScrip ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2021-28857

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：28 | 回复：0
CVE-2021-28858

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：22 | 回复：0
CVE-2021-30544

Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2021-30545

Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：29 | 回复：0
CVE-2021-30546

Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：19 | 回复：0
CVE-2021-30547

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：14 | 回复：0
CVE-2021-30548

Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：17 | 回复：0
CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：12 | 回复：0
CVE-2021-30550

Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：11 | 回复：0
CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：18 | 回复：0
CVE-2021-30552

Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：24 | 回复：0
CVE-2021-30553

Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：27 | 回复：0
CVE-2021-32623

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to eas ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0
CVE-2021-32676

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie aft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：15 | 回复：0
CVE-2021-32685

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：21 | 回复：0
CVE-2021-3535

Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combina ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:49 | 阅读：16 | 回复：0