CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-2290

Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：33 | 回复：0
CVE-2021-2291

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：27 | 回复：0
CVE-2021-2292

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Document Management). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：18 | 回复：0
CVE-2021-2293

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：23 | 回复：0
CVE-2021-2294

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：23 | 回复：0
CVE-2021-2295

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：20 | 回复：0
CVE-2021-2296

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：10 | 回复：0
CVE-2021-2297

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：14 | 回复：0
CVE-2021-2298

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：7 | 回复：0
CVE-2021-2299

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:37 | 阅读：11 | 回复：0
CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：25 | 回复：0
CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：11 | 回复：0
CVE-2021-21646

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：17 | 回复：0
CVE-2021-21647

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：8 | 回复：0
CVE-2020-35979

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：24 | 回复：0
CVE-2020-35980

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE-2020-35981

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：19 | 回复：0
CVE-2020-35982

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：22 | 回复：0
CVE-2021-30031

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：24 | 回复：0
CVE-2021-30139

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：39 | 回复：0
CVE-2021-31327

Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：26 | 回复：0
CVE-2021-31329

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Chat and Personal Address field on staff/register.php……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：22 | 回复：0
CVE-2020-23907

An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：31 | 回复：0
CVE-2020-23912

An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE-2020-23914

An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：16 | 回复：0
CVE-2020-23915

An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：29 | 回复：0
CVE-2020-23921

An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE-2020-23922

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：17 | 回复：0
CVE-2020-23928

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：11 | 回复：0
CVE-2020-23930

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：15 | 回复：0
CVE-2020-23931

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：16 | 回复：0
CVE-2020-23932

An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static met ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：26 | 回复：0
CVE-2020-28973

The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive informa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：17 | 回复：0
CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, ut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：27 | 回复：0
CVE-2021-31523

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：30 | 回复：0
CVE-2020-36324

Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE-2021-21426

Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：23 | 回复：0
CVE-2021-21427

Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：39 | 回复：0
CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：42 | 回复：0