
CVE Vulnerabilities

  • CVE-2021-30181
    Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in orde ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-32027
    A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated dat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2021-32647
    Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The (https://github.com/NationalSecurityAgency/emi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 14 | Replies: 0
  • CVE-2021-33180
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execut ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 14 | Replies: 0
  • CVE-2021-33181
    Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 17 | Replies: 0
  • CVE-2021-33182
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote auth ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 19 | Replies: 0
  • CVE-2021-33183
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-33184
    Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 37 | Replies: 0
  • CVE-2021-3412
    It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 13 | Replies: 0
  • CVE-2021-3495
    An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kial ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2021-3515
    A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2021-3516
    There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact o ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2021-3543
    A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that Enclaves VMs force closures on the enclave file descriptor. A local user of a host machine could use this ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 30 | Replies: 0
  • CVE-2020-17541
    All versions of libjpeg-turbo have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2020-26668
    A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 33 | Replies: 0
  • CVE-2020-26669
    A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2020-26670
    A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Cre ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2020-26693
    A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 37 | Replies: 0
  • CVE-2020-27377
    A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web sc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 40 | Replies: 0
  • CVE-2021-31641
    An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 40 | Replies: 0
  • CVE-2021-31642
    A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 38 | Replies: 0
  • CVE-2021-31643
    An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parame ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2021-32651
    OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 32 | Replies: 0
  • CVE-2021-32924
    Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely w ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2020-22035
    A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2020-22036
    A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 23 | Replies: 0
  • CVE-2021-32652
    Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows other authenticated users to access mail metadata of other users. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-3424
    A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 33 | Replies: 0
  • CVE-2020-22037
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 30 | Replies: 0
  • CVE-2020-22038
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2020-22039
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2020-22040
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the v_frame_alloc function in frame.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2020-22041
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2020-22042
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 38 | Replies: 0
  • CVE-2020-22043
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-22123
    An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary comman ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 33 | Replies: 0
  • CVE-2021-26111
    A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhau ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 35 | Replies: 0
  • CVE-2021-31684
    A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2021-32653
    Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 35 | Replies: 0
  • CVE-2021-3425
    A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 32 | Replies: 0
