CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-24028

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE-2020-36322

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：7 | 回复：0
CVE-2017-20004

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues thr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：23 | 回复：0
CVE-2018-25008

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：24 | 回复：0
CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes af ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE-2021-31162

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-28797

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE-2021-25316

A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：7 | 回复：0
CVE-2021-27989

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：6 | 回复：0
CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：12 | 回复：0
CVE-2020-19778

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in /index.php by manipulating the parameter user_id in the HTML request.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2020-21087

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the New Name field of the Rename a Module to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2020-21088

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the First Name and Last Name fields in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2020-36120

Buffer Overflow in the sixel_encoder_encode_bytes function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2021-26805

Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2021-26812

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the sessionpriv.php module. This allows attackers to craft a malicious URL, which when clicked on by users, can inj ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：26 | 回复：0
CVE-2021-26827

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long ssid parameter to the /us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-26832

Cross Site Scripting (XSS) in the Reset Password page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：12 | 回复：0
CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：16 | 回复：0
CVE-2021-27114

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the's_ip and s_mac fields could lead to a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：20 | 回复：0
CVE-2021-27288

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the Comment field in /profile/activity page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE-2021-27815

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a maliciou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2021-27990

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：23 | 回复：0
CVE-2021-28300

NULL Pointer Dereference in the isomedia/track.c module's MergeTrack() function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a maliciou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：20 | 回复：0
CVE-2021-29338

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：33 | 回复：0
CVE-2021-31152

Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：6 | 回复：0
CVE-2020-29592

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executable ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：26 | 回复：0
CVE-2020-29593

An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2021-25314

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：23 | 回复：0
CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE-2021-27599

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain condi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：13 | 回复：0
CVE-2021-27604

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE-2021-27608

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：18 | 回复：0
CVE-2021-27705

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/qosIndex request. This occurs because the formQOSRu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE-2021-27706

Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/IPMacBindIndex request. This occurs because ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：26 | 回复：0
CVE-2021-27707

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/portMappingIndex request. This occurs because the f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：45 | 回复：0
CVE-2021-28098

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and wri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：37 | 回复：0
CVE-2021-30493

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：39 | 回复：0
CVE-2021-30494

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：16 | 回复：0
CVE-2021-27246

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：37 | 回复：0