CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-21202

Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE-2021-21203

Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE-2021-21204

Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-21205

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-21206

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE-2021-21207

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrom ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：21 | 回复：0
CVE-2021-21209

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE-2021-21210

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE-2021-21211

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE-2021-21212

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE-2021-21213

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE-2021-21215

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE-2021-21216

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：11 | 回复：0
CVE-2021-21217

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE-2021-21218

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE-2021-21219

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-21220

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：19 | 回复：0
CVE-2021-21221

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：10 | 回复：0
CVE-2021-21222

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE-2021-21223

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：11 | 回复：0
CVE-2021-21224

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：9 | 回复：0
CVE-2021-21225

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：7 | 回复：0
CVE-2021-21226

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：11 | 回复：0
CVE-2021-28359

The origin parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：10 | 回复：0
CVE-2021-31996

An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge().……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：9 | 回复：0
CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denyli ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：23 | 回复：0
CVE-2021-28860

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：14 | 回复：0
CVE-2021-29369

The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：19 | 回复：0
CVE-2021-29238

CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：16 | 回复：0
CVE-2021-29239

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：19 | 回复：0
CVE-2021-29241

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：22 | 回复：0
CVE-2021-29242

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remov ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：20 | 回复：0
CVE-2020-20218

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：12 | 回复：0
CVE-2020-20247

Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：15 | 回复：0
CVE-2021-21264

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：7 | 回复：0
CVE-2020-28945

OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as !(http://onerror=Function.constructor, in a Notes item.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：32 | 回复：0
CVE-2020-35755

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-categ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：10 | 回复：0
CVE-2020-35756

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not requir ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：23 | 回复：0