CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-30531

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：28 | 回复：0
CVE-2021-30532

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：24 | 回复：0
CVE-2021-30533

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：18 | 回复：0
CVE-2021-30534

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：38 | 回复：0
CVE-2021-30535

Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：29 | 回复：0
CVE-2021-30536

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：25 | 回复：0
CVE-2021-30537

Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：25 | 回复：0
CVE-2021-30538

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：24 | 回复：0
CVE-2021-30539

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：31 | 回复：0
CVE-2021-30540

Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2021-30542

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-30543

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2020-1750

A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2020-25716

A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：9 | 回复：0
CVE-2021-20259

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2021-29504

WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communicati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a (https://owasp.org/www ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：6 | 回复：0
CVE-2021-3277

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0
CVE-2021-26078

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：8 | 回复：0
CVE-2021-26079

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2021-26080

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-28810

If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the followin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：9 | 回复：0
CVE-2021-28811

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2021-23392

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0
CVE-2021-31738

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：20 | 回复：0
CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-22116

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：22 | 回复：0
CVE-2021-23169

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user run ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2021-23215

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-26260

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-26945

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：13 | 回复：0
CVE-2021-3564

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to cr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user&#3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2020-26517

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-32106

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET variable. As a result, arbitrary Javascript code can g ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2021-22548

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：20 | 回复：0