
CVE Vulnerabilities

  • CVE-2019-10128
    A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the A ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 46 | Replies: 0
  • CVE-2019-10151
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 39 | Replies: 0
  • CVE-2019-10196
    A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Den ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 43 | Replies: 0
  • CVE-2019-10200
    A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 35 | Replies: 0
  • CVE-2019-10225
    A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 37 | Replies: 0
  • CVE-2019-14828
    A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 34 | Replies: 0
  • CVE-2019-14829
    A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 35 | Replies: 0
  • CVE-2019-14830
    A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2019-14831
    A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was ena ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 43 | Replies: 0
  • CVE-2021-21267
    Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
  • CVE-2021-28950
    An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-28951
    An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concur ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 40 | Replies: 0
  • CVE-2021-28117
    libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 44 | Replies: 0
  • CVE-2021-28952
    An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 37 | Replies: 0
  • CVE-2020-27170
    An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 35 | Replies: 0
  • CVE-2020-27171
    An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-28953
    The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 36 | Replies: 0
  • CVE-2021-28954
    In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2021-28957
    An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction at ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 45 | Replies: 0
  • CVE-2021-28961
    applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 35 | Replies: 0
  • CVE-2021-23360
    This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 38 | Replies: 0
  • CVE-2020-13963
    SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 25 | Replies: 0
  • CVE-2021-26069
    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
  • CVE-2021-26070
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `make ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 30 | Replies: 0
  • CVE-2021-28955
    git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 19 | Replies: 0
  • CVE-2021-28956
    ** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafte ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2021-28963
    Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 24 | Replies: 0
  • CVE-2021-21437
    Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManageme ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 24 | Replies: 0
  • CVE-2021-21438
    Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2021-28964
    A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 24 | Replies: 0
  • CVE-2020-28501
    This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 24 | Replies: 0
  • CVE-2021-26295
    Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 39 | Replies: 0
  • CVE-2021-27962
    Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 34 | Replies: 0
  • CVE-2021-28146
    The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any auth ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-27308
    A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the redirect parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 32 | Replies: 0
  • CVE-2021-28147
    The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication se ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 19 | Replies: 0
  • CVE-2021-28148
    One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2021-28968
    An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 34 | Replies: 0
  • CVE-2020-4882
    IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-27593
    When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 25 | Replies: 0
