
CVE Vulnerabilities

  • CVE-2021-20235
    There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same as it is ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 14 | Replies: 0
  • CVE-2021-20296
    A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 16 | Replies: 0
  • CVE-2021-28545
    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 19 | Replies: 0
  • CVE-2021-28546
    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 15 | Replies: 0
  • CVE-2021-3393
    An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft que ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 22 | Replies: 0
  • CVE-2021-22177
    Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 30 | Replies: 0
  • CVE-2021-28163
    In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a stat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 23 | Replies: 0
  • CVE-2021-28164
    In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF direct ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 22 | Replies: 0
  • CVE-2021-28165
    In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 24 | Replies: 0
  • CVE-2020-9146
    A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and DoS attacks by carefully constructi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 10 | Replies: 0
  • CVE-2020-9147
    A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-boun ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 16 | Replies: 0
  • CVE-2020-9148
    An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 13 | Replies: 0
  • CVE-2020-9149
    An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 7 | Replies: 0
  • CVE-2021-20291
    A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 9 | Replies: 0
  • CVE-2021-22195
    Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 17 | Replies: 0
  • CVE-2021-22876
    curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer: header. libcurl does not strip off ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 10 | Replies: 0
  • CVE-2021-22890
    curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 8 | Replies: 0
  • CVE-2021-25924
    In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a mal ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 8 | Replies: 0
  • CVE-2021-3447
    A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 11 | Replies: 0
  • CVE-2020-19613
    Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 21 | Replies: 0
  • CVE-2020-19616
    Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 12 | Replies: 0
  • CVE-2020-19617
    Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 19 | Replies: 0
  • CVE-2021-20078
    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remote ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 24 | Replies: 0
  • CVE-2021-21982
    VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMwar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 27 | Replies: 0
  • CVE-2021-26072
    The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 9 | Replies: 0
  • CVE-2021-26580
    A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following soft ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 10 | Replies: 0
  • CVE-2021-26581
    A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 25 | Replies: 0
  • CVE-2021-26718
    KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 11 | Replies: 0
  • CVE-2021-27653
    Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 11 | Replies: 0
  • CVE-2020-19618
    Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 13 | Replies: 0
  • CVE-2020-19619
    Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 10 | Replies: 0
  • CVE-2021-28969
    eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 8 | Replies: 0
  • CVE-2021-28970
    eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. Accordin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 11 | Replies: 0
  • CVE-2021-29421
    models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 17 | Replies: 0
  • CVE-2021-28047
    Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 14 | Replies: 0
  • CVE-2021-21416
    django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-re ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 15 | Replies: 0
  • CVE-2021-21420
    vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 18 | Replies: 0
  • CVE-2021-21421
    node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too. This is fixed in node-etsy-clien ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 13 | Replies: 0
  • CVE-2021-23921
    An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 12 | Replies: 0
  • CVE-2021-23922
    An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:28 | Views: 12 | Replies: 0
