
CVE Vulnerabilities

  • CVE-2020-22044
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2021-32654
    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-32655
    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 34 | Replies: 0
  • CVE-2021-32656
    Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic inf ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2021-32657
    Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 23 | Replies: 0
  • CVE-2021-29090
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated use ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 35 | Replies: 0
  • CVE-2021-29091
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 32 | Replies: 0
  • CVE-2021-29089
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers u ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 31 | Replies: 0
  • CVE-2020-10742
    A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2020-10743
    It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacke ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 34 | Replies: 0
  • CVE-2020-6641
    Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal mana ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 33 | Replies: 0
  • CVE-2020-10771
    A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2020-14317
    It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2020-14326
    A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the ent ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2020-14335
    A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 38 | Replies: 0
  • CVE-2020-14336
    A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an Open ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 35 | Replies: 0
  • CVE-2020-14340
    A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2020-14371
    A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2020-14380
    An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the priv ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2020-14388
    A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass norm ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2021-23894
    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-23895
    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-24012
    An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trus ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 32 | Replies: 0
  • CVE-2021-26940
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-33500. Reason: This candidate is a reservation duplicate of CVE-2021-33500. Notes: All CVE users should reference CVE-2021-33500 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-3520
    There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argum ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 44 | Replies: 0
  • CVE-2017-8761
    In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 42 | Replies: 0
  • CVE-2018-10195
    lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2020-35503
    A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callbac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 37 | Replies: 0
  • CVE-2020-35510
    A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes correspondin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 31 | Replies: 0
  • CVE-2020-35514
    An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-23896
    Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 12 | Replies: 0
  • CVE-2021-3538
    A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Rea ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 10 | Replies: 0
  • CVE-2021-3544
    Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhos ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 23 | Replies: 0
  • CVE-2021-3545
    An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in co ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2021-3546
    An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CM ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 15 | Replies: 0
  • CVE-2019-12067
    The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-26707
    The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-28675
    An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Imag ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 22 | Replies: 0
  • CVE-2021-3522
    GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2021-3530
    A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a cras ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
