CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-23309

There is an Assertion 'context_p-stack_depth == context_p-context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：7 | 回复：0
CVE-2020-23310

There is an Assertion 'context_p-next_scanner_info_p-type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE-2020-23311

There is an Assertion 'context_p-token.type == LEXER_RIGHT_BRACE || context_p-token.type == LEXER_ASSIGN || context_p-token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE-2020-23312

There is an Assertion 'context.status_flags PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2020-23313

There is an Assertion 'scope_stack_p context_p-scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE-2020-23314

There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE-2020-23319

There is an Assertion in '(flags CBC_STACK_ADJUST_SHIFT) = CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags CBC_STACK_ADJUST_SHIFT)) = context_p-stack_depth' in parser_emit_cbc_backw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE-2020-23320

There is an Assertion in 'context_p-next_scanner_info_p-type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE-2020-23321

There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE-2020-23322

There is an Assertion in 'context_p-token.type == LEXER_RIGHT_BRACE || context_p-token.type == LEXER_ASSIGN || context_p-token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2020-23323

There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE-2021-26194

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE-2021-26195

An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE-2021-26197

An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0
CVE-2021-26198

An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE-2021-26199

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE-2021-23393

This affects the package Flask-Unchained before 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2021-25682

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE-2021-25683

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：7 | 回复：0
CVE-2021-25684

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wha ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE-2021-28801

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE-2021-28805

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE-2021-28814

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE-2021-26829

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：16 | 回复：0
CVE-2021-33205

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Nod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-34540

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：6 | 回复：0
CVE-2021-26997

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：20 | 回复：0
CVE-2021-26993

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE-2021-26995

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE-2021-26996

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：10 | 回复：0
CVE-2020-13688

Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE-2020-5003

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE-2021-20396

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE-2021-25383

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：6 | 回复：0
CVE-2021-25384

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE-2021-25385

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE-2021-25386

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：7 | 回复：0