CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-28874

SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE-2021-30045

SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2021-30046

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE-2021-28142

CITSmart before 9.1.2.28 mishandles the filtro de autocomplete.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-30130

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE-2020-23533

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile app ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2020-36285

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE-2021-26833

Cleartext Storage in a File or on Disk in TimelyBills = 1.7.0 for iOS and versions = 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2021-29136

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when umoci unpack or umoci raw unpack is used.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0
CVE-2021-29424

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE-2021-30140

LiquidFiles 3.4.15 has stored XSS through the send email functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2021-30146

Seafile 7.0.5 (2019) allows Persistent XSS via the share of library functionality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-20334

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：24 | 回复：0
CVE-2021-24026

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE-2021-24027

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE-2020-36309

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0
CVE-2021-21423

`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-type ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0
CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：18 | 回复：0
CVE-2021-21404

Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative len ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：31 | 回复：0
CVE-2021-25692

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：38 | 回复：0
CVE-2020-13418

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：19 | 回复：0
CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE-2020-13421

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE-2020-13422

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE-2021-22157

Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2021-22158

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：25 | 回复：0
CVE-2021-27899

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to inter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE-2021-27900

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configura ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE-2020-36310

An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：12 | 回复：0
CVE-2020-36311

An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE-2020-36312

An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：20 | 回复：0
CVE-2020-36313

An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：25 | 回复：0
CVE-2021-30178

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：27 | 回复：0
CVE-2021-30147

DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：20 | 回复：0
CVE-2020-11191

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：25 | 回复：0
CVE-2020-11210

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：23 | 回复：0
CVE-2020-11231

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：20 | 回复：0