CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：44 | 回复：0
CVE-2021-20656

Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE-2021-20657

Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE-2021-20658

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE-2021-20659

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：29 | 回复：0
CVE-2021-20660

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE-2021-20661

Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE-2021-20662

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vector ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：35 | 回复：0
CVE-2020-12702

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE-2021-27645

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：35 | 回复：0
CVE-2021-3355

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE-2020-28599

A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE-2021-21616

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE-2021-21617

A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE-2021-21618

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE-2021-21619

Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the displ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE-2021-21620

A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：39 | 回复：0
CVE-2021-21621

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the About user (basic authentication details only) information, which can include the session ID of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE-2020-24983

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：45 | 回复：0
CVE-2020-24984

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：49 | 回复：0
CVE-2021-28143

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：58 | 回复：0
CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：60 | 回复：0
CVE-2021-28154

** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：29 | 回复：0
CVE-2020-36278

Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：35 | 回复：0
CVE-2020-36279

Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：32 | 回复：0
CVE-2020-36280

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：45 | 回复：0
CVE-2020-36281

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：49 | 回复：0
CVE-2020-36282

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：73 | 回复：0
CVE-2021-20674

Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified direc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：45 | 回复：0
CVE-2021-26569

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：44 | 回复：0
CVE-2021-27646

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：53 | 回复：0
CVE-2021-27647

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：54 | 回复：0
CVE-2021-28305

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：59 | 回复：0
CVE-2021-28306

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：42 | 回复：0
CVE-2021-28307

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：68 | 回复：0
CVE-2021-28308

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：49 | 回复：0
CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:$(+)$|(\d*)\$)?(*)(\*|\d+)?(\.)?(\*|\d+)??()/g in lib/printf.js. The vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：54 | 回复：0
CVE-2021-28302

A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：44 | 回复：0