
CVE Vulnerabilities

  • CVE-2021-26074
    Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 29 | Replies: 0
  • CVE-2021-31414
    The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-22539
    An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 32 | Replies: 0
  • CVE-2021-20491
    IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parame ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 19 | Replies: 0
  • CVE-2020-9667
    Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execut ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 22 | Replies: 0
  • CVE-2020-9668
    Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileg ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2020-9681
    Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-26830
    SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin librar ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-29443
    jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2021-31347
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2021-31348
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn fail ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 19 | Replies: 0
  • CVE-2021-27394
    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions V7.23.19), Mendix Applications using Mendix 8 (All versions V8.17.0), Mendix Applications using Mendix 8 (V8.1 ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-29444
    jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) dec ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 23 | Replies: 0
  • CVE-2021-29445
    jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) de ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 26 | Replies: 0
  • CVE-2021-29446
    jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) de ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 26 | Replies: 0
  • CVE-2021-29451
    Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patch ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 4 | Replies: 0
  • CVE-2021-29452
    a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 22 | Replies: 0
  • CVE-2020-2509
    A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have a ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2020-36195
    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain applicat ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-3492
    Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situ ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-3493
    The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combinatio ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 32 | Replies: 0
  • CVE-2021-23374
    This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of th ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 41 | Replies: 0
  • CVE-2021-23375
    This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the ch ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 22 | Replies: 0
  • CVE-2021-23376
    This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-23377
    This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-23378
    This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the ch ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 24 | Replies: 0
  • CVE-2021-23379
    This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exe ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-23380
    This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-23381
    This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec fun ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-29399
    XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11 ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2020-7851
    Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 26 | Replies: 0
  • CVE-2021-21070
    Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to t ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 23 | Replies: 0
  • CVE-2021-20989
    Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can b ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-20990
    In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 35 | Replies: 0
  • CVE-2021-20991
    In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-20992
    In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to h ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-21981
    VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local g ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2020-28141
    The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript th ...……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-27027
    An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-27028
    A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.……
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
