CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2009-0947

Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE-2009-0948

Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2020-22046

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE-2020-22048

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：26 | 回复：0
CVE-2020-22049

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2020-24870

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2020-27661

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：34 | 回复：0
CVE-2020-6950

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：27 | 回复：0
CVE-2021-25287

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：40 | 回复：0
CVE-2021-25288

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：21 | 回复：0
CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally qu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：21 | 回复：0
CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2021-23014

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the RES ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：10 | 回复：0
CVE-2021-23015

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator&#39 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-23016

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrict ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifros ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：18 | 回复：0
CVE-2021-21822

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE-2021-31877

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：26 | 回复：0
CVE-2021-20538

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IB ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：7 | 回复：0
CVE-2021-20559

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：8 | 回复：0
CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：8 | 回复：0
CVE-2021-29501

Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2020-19199

A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=adminf=save, which could let a remote malicious user execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：12 | 回复：0
CVE-2021-29502

WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：6 | 回复：0
CVE-2020-27226

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2020-27229

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2020-27230

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2020-27231

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：9 | 回复：0
CVE-2020-28588

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：11 | 回复：0
CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：12 | 回复：0
CVE-2021-29022

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2020-18102

Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component /controller/publishHotel.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2020-27232

An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE-2020-28600

An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2021-21430

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：44 | 回复：0
CVE-2021-32053

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0