CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-29443

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：34 | 回复：0
CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE-2020-35263

EgavilanMedia User Registration Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE-2020-35270

Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE-2020-35309

Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - Categories.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE-2020-35310

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none NOTE: This is disputed by the vendor; We have no records of contact with the original reporter, and have not been able to reproduce any ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：18 | 回复：0
CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if bo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：14 | 回复：0
CVE-2020-35576

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metachar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2020-35753

The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the Recommend job posting function is enabled, allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE-2020-35843

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE-2020-35844

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE-2020-35845

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE-2020-35853

4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Ea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：14 | 回复：0
CVE-2020-35854

Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0
CVE-2020-36011

A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Rema ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE-2020-36199

TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE-2020-36200

TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE-2020-36201

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 797 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：14 | 回复：0
CVE-2020-36202

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2020-36203

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE-2020-36204

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE-2020-36205

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：16 | 回复：0
CVE-2020-36206

An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：11 | 回复：0
CVE-2020-36207

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because AovecT does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：20 | 回复：0
CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0
CVE-2020-36209

An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：10 | 回复：0
CVE-2020-36210

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE-2020-36211

An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE-2020-36212

An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE-2020-36213

An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：15 | 回复：0
CVE-2020-36214

An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：34 | 回复：0
CVE-2020-36215

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE-2020-36216

An issue was discovered in InputR in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE-2020-36217

An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE-2020-36218

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：18 | 回复：0
CVE-2020-36219

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOptionT implements Sync unconditionally, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE-2020-36220

An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because DemuxerT omits a required T: Send bound, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：16 | 回复：0
CVE-2020-36221

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssue ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：10 | 回复：0
CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：18 | 回复：0