CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-25372

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：16 | 回复：0
CVE-2021-21332

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2021-21333

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：29 | 回复：0
CVE-2021-22172

Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：30 | 回复：0
CVE-2021-22180

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：29 | 回复：0
CVE-2021-22184

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2021-22194

In all versions of GitLab, marshalled session keys were being stored in Redis.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2020-25578

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2020-25579

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fiel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE-2020-25580

In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：38 | 回复：0
CVE-2020-25581

In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：46 | 回复：0
CVE-2020-25582

In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jai ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2020-7461

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input rela ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：26 | 回复：0
CVE-2020-7462

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：42 | 回复：0
CVE-2020-7464

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：79 | 回复：0
CVE-2020-7467

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on ho ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：42 | 回复：0
CVE-2020-7468

In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：36 | 回复：0
CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：56 | 回复：0
CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：32 | 回复：0
CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：34 | 回复：0
CVE-2021-21372

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：33 | 回复：0
CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, nimble refresh fetches a list of Nimble packages over HTTPS by default. In case ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：58 | 回复：0
CVE-2021-21374

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, nimble refresh fetches a list of Nimble packages over HTTPS without full verific ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2021-21396

wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：38 | 回复：0
CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：63 | 回复：0
CVE-2021-29265

An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：58 | 回复：0
CVE-2021-3341

A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：59 | 回复：0
CVE-2021-26303

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：34 | 回复：0
CVE-2021-26304

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：35 | 回复：0
CVE-2021-26305

An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：54 | 回复：0
CVE-2021-26306

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：73 | 回复：0
CVE-2021-26307

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a determ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE-2021-26308

An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：37 | 回复：0
CVE-2021-3336

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding ce ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2019-25014

A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is po ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：45 | 回复：0
CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：46 | 回复：0
CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2020-28402

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：52 | 回复：0
CVE-2020-28403

A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：44 | 回复：0
CVE-2020-28404

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：54 | 回复：0