CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27490

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior are vulnerable to an out-of-bounds read, which may allow an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2021-32645

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE-2020-22029

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and oth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE-2020-22030

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2020-22031

A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE-2021-32643

Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：32 | 回复：0
CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：25 | 回复：0
CVE-2020-10697

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2020-10698

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2020-10716

A flaw was found in Red Hat Satellite's Job Invocation, where the User Input entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2020-10729

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2020-10774

A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly dis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2020-22016

A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE-2020-22017

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2020-22022

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2020-22023

A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2020-22025

A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：23 | 回复：0
CVE-2020-22027

A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：22 | 回复：0
CVE-2020-22032

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：35 | 回复：0
CVE-2020-22033

A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE-2020-22034

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：10 | 回复：0
CVE-2021-20026

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2021-33394

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：12 | 回复：0
CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE-2020-14327

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE-2020-14328

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal serv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：7 | 回复：0
CVE-2020-14329

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：9 | 回复：0
CVE-2020-14387

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：10 | 回复：0
CVE-2020-15180

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：22 | 回复：0
CVE-2020-1701

A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE-2020-1702

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：6 | 回复：0
CVE-2020-1761

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE-2020-10145

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：24 | 回复：0
CVE-2020-15438

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：26 | 回复：0
CVE-2020-15439

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：31 | 回复：0
CVE-2020-15440

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：21 | 回复：0
CVE-2020-15441

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：9 | 回复：0