CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-22024

Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE-2020-22026

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：23 | 回复：0
CVE-2020-22028

Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：23 | 回复：0
CVE-2020-25724

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2021-20177

A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-20191

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2021-20297

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2021-25643

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2021-3548

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：10 | 回复：0
CVE-2021-3549

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE-2008-3523

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：9 | 回复：0
CVE-2008-5084

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE-2008-5085

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：21 | 回复：0
CVE-2008-5509

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2008-5508. Reason: This candidate is a duplicate of CVE-2008-5508. Notes: All CVE users should reference CVE-2008-5508 instead of this can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2009-3721

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE-2020-10695

An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：23 | 回复：0
CVE-2020-27839

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE-2021-20196

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a bloc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-25217

In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EO ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE-2021-28170

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：21 | 回复：0
CVE-2021-30469

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-30470

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：29 | 回复：0
CVE-2021-30471

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-30472

A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-30498

A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2021-32614

A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By provid ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2021-3486

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE-2021-3527

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined si ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-3561

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE-2020-27831

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add em ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE-2021-30499

A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：26 | 回复：0
CVE-2021-30500

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE-2021-30501

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2021-31920

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：21 | 回复：0
CVE-2021-33586

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the malformed PONG issue.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：26 | 回复：0
CVE-2021-20727

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2021-32458

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-32459

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0