CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-20254

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：23 | 回复：0
CVE-2020-23851

A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：21 | 回复：0
CVE-2020-23852

A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 line 545), which could cause a denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2020-23856

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller-callee.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：26 | 回复：0
CVE-2020-24026

TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /eva ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-32238

Epic Games / Psyonix Rocket League =1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：11 | 回复：0
CVE-2020-20951

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：11 | 回复：0
CVE-2020-23861

A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：11 | 回复：0
CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2021-32305

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2021-3200

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：28 | 回复：0
CVE-2020-18178

Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component /hcms/admin/index.php/language/ajax.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2020-20214

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2020-20222

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2020-20236

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2020-20237

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2020-19924

In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2020-20220

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer derefer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：25 | 回复：0
CVE-2020-20227

Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：22 | 回复：0
CVE-2020-20245

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2020-20246

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：24 | 回复：0
CVE-2021-31315

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：22 | 回复：0
CVE-2021-31316

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2021-31317

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2021-31318

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：5 | 回复：0
CVE-2021-31319

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：5 | 回复：0
CVE-2021-31320

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2021-31321

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：5 | 回复：0
CVE-2021-31322

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：12 | 回复：0
CVE-2021-31323

Telegram Android 7.1.0 (2090), Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-31324

The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-20589

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 throu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2021-21732

A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorizat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2020-20264

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：18 | 回复：0
CVE-2020-20266

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：26 | 回复：0
CVE-2021-21733

The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensiti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：24 | 回复：0
CVE-2017-17674

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprintin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：26 | 回复：0
CVE-2017-17675

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：35 | 回复：0
CVE-2017-17677

BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：23 | 回复：0