
CVE Vulnerabilities

  • CVE-2021-27029
    The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leadin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-27030
    A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 8 | Replies: 0
  • CVE-2021-27031
    A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an una ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-20527
    IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-29434
    Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensur ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-29453
    matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-29455
    Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 202 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-29457
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The h ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-29458
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The ou ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 12 | Replies: 0
  • CVE-2021-31254
    Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related to invalid IV sizes.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-31255
    Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-31256
    Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2021-31257
    The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-31258
    The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2021-31259
    The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-31260
    The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 12 | Replies: 0
  • CVE-2021-31261
    The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-31262
    The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-29279
    There is an integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value, maybe value->value.data.size is a negative number ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-30014
    There is an integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 8 | Replies: 0
  • CVE-2021-30015
    There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid may be NULL. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-30019
    In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-30020
    In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop in which, with a crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_widt ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 27 | Replies: 0
  • CVE-2021-30022
    There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal function in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-30199
    In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file, which results in a crash.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2020-27240
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injec ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2020-27241
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injectio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2021-3497
    GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 9 | Replies: 0
  • CVE-2021-3498
    GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-3505
    A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-20208
    A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vuln ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 12 | Replies: 0
  • CVE-2021-27458
    If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-D ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-3506
    An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain acces ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-3035
    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 24 | Replies: 0
  • CVE-2021-3036
    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-3037
    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2021-3038
    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that result ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 33 | Replies: 0
  • CVE-2021-20023
    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-20453
    IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-25679
    ** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 6 | Replies: 0
