CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-36372

Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：9 | 回复：0
CVE-2020-36373

Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：10 | 回复：0
CVE-2020-36374

Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：6 | 回复：0
CVE-2020-36375

Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：31 | 回复：0
CVE-2021-29492

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：21 | 回复：0
CVE-2021-29505

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：22 | 回复：0
CVE-2021-29507

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：19 | 回复：0
CVE-2021-32616

1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject /script ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2021-32619

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：17 | 回复：0
CVE-2021-32620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：25 | 回复：0
CVE-2021-32621

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：23 | 回复：0
CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：24 | 回复：0
CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected int ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：37 | 回复：0
CVE-2021-31702

Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：21 | 回复：0
CVE-2021-31703

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2021-33564

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：13 | 回复：0
CVE-2021-33790

The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2020-10666

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:48 | 阅读：12 | 回复：0
CVE-2020-13663

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-20591

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：32 | 回复：0
CVE-2021-22175

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2021-22181

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-22749

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2021-22750

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-22751

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of inp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：22 | 回复：0
CVE-2021-22752

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a ma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-22753

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE-2021-22754

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2021-22755

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity ch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-22756

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-suppl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2021-22757

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity che ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-22758

A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：22 | 回复：0
CVE-2021-22759

A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE-2021-22760

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing ch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2021-22761

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of informati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：21 | 回复：0
CVE-2021-22762

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malici ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE-2021-22763

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：31 | 回复：0
CVE-2021-22764

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：9 | 回复：0
CVE-2021-22765

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：5 | 回复：0
CVE-2021-22766

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：5 | 回复：0