CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：29 | 回复：0
CVE-2020-36225

A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：17 | 回复：0
CVE-2020-36226

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：18 | 回复：0
CVE-2020-36227

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：20 | 回复：0
CVE-2020-36228

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：11 | 回复：0
CVE-2020-36229

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2020-36230

A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE-2020-5429

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：9 | 回复：0
CVE-2020-5430

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE-2020-5431

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：41 | 回复：0
CVE-2020-5432

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2020-5433

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE-2020-5434

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：17 | 回复：0
CVE-2020-5435

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2020-5436

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE-2020-5437

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：15 | 回复：0
CVE-2020-5438

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：17 | 回复：0
CVE-2020-5439

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：15 | 回复：0
CVE-2020-5440

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE-2021-26560

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：32 | 回复：0
CVE-2021-26561

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：40 | 回复：0
CVE-2021-26562

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE-2021-26563

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE-2021-26564

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：28 | 回复：0
CVE-2021-26565

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive informatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2021-26566

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary command ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：40 | 回复：0
CVE-2021-26567

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：27 | 回复：0
CVE-2021-27799

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generato ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：15 | 回复：0
CVE-2020-36079

** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0
CVE-2021-27198

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：29 | 回复：0
CVE-2021-27803

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：31 | 回复：0
CVE-2019-25020

An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE-2019-25021

An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：29 | 回复：0
CVE-2019-25022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：28 | 回复：0
CVE-2019-25023

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inje ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：37 | 回复：0
CVE-2020-28243

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：28 | 回复：0
CVE-2020-28972

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：27 | 回复：0
CVE-2020-35662

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：31 | 回复：0
CVE-2021-25281

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the maste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：41 | 回复：0