CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-35504

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：22 | 回复：0
CVE-2020-35505

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：21 | 回复：0
CVE-2020-35506

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：24 | 回复：0
CVE-2021-20195

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encode ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：14 | 回复：0
CVE-2021-20201

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a sin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：11 | 回复：0
CVE-2021-20236

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：9 | 回复：0
CVE-2021-20237

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：14 | 回复：0
CVE-2021-20239

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：10 | 回复：0
CVE-2021-20240

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to cr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：11 | 回复：0
CVE-2021-20278

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token valida ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：13 | 回复：0
CVE-2021-20292

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：15 | 回复：0
CVE-2021-33591

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：7 | 回复：0
CVE-2021-21734

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2021-27032

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：9 | 回复：0
CVE-2021-33620

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：17 | 回复：0
CVE-2010-3843

The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：11 | 回复：0
CVE-2020-1716

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2020-1729

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：8 | 回复：0
CVE-2021-29628

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：7 | 回复：0
CVE-2021-29629

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2021-3514

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：9 | 回复：0
CVE-2020-15782

A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP O ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：15 | 回复：0
CVE-2013-4536

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：18 | 回复：0
CVE-2021-32637

Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：19 | 回复：0
CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：22 | 回复：0
CVE-2021-32646

Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：8 | 回复：0
CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：15 | 回复：0
CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：17 | 回复：0
CVE-2020-26641

A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：9 | 回复：0
CVE-2020-26642

A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：7 | 回复：0
CVE-2021-22519

Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：7 | 回复：0
CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：15 | 回复：0
CVE-2020-18392

Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：13 | 回复：0
CVE-2020-18395

A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：15 | 回复：0
CVE-2020-36366

Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：46 | 回复：0
CVE-2020-36367

Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：34 | 回复：0
CVE-2020-36368

Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：17 | 回复：0
CVE-2020-36369

Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：21 | 回复：0
CVE-2020-36370

Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：22 | 回复：0
CVE-2020-36371

Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：20 | 回复：0