CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-4831

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：48 | 回复：0
CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：54 | 回复：0
CVE-2021-21367

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：66 | 回复：0
CVE-2021-21368

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a Prototype Poisoning vulnerability. When msgpack5 decodes a map conta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：67 | 回复：0
CVE-2021-21379

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：52 | 回复：0
CVE-2021-20231

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：73 | 回复：0
CVE-2021-20232

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：47 | 回复：0
CVE-2021-21056

Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：62 | 回复：0
CVE-2021-21067

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：66 | 回复：0
CVE-2021-21068

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：65 | 回复：0
CVE-2021-21069

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to per ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：47 | 回复：0
CVE-2021-21071

Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：49 | 回复：0
CVE-2021-21072

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：62 | 回复：0
CVE-2021-21073

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：68 | 回复：0
CVE-2021-21074

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：48 | 回复：0
CVE-2021-21075

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2021-21076

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：61 | 回复：0
CVE-2021-21077

Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：46 | 回复：0
CVE-2021-21078

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：56 | 回复：0
CVE-2021-21079

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：45 | 回复：0
CVE-2021-21080

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：49 | 回复：0
CVE-2021-21082

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：41 | 回复：0
CVE-2021-21085

Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online ev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：42 | 回复：0
CVE-2021-21726

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：53 | 回复：0
CVE-2021-21518

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：67 | 回复：0
CVE-2021-27290

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：52 | 回复：0
CVE-2021-28092

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：62 | 回复：0
CVE-2021-28161

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：52 | 回复：0
CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：57 | 回复：0
CVE-2021-20017

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：58 | 回复：0
CVE-2021-20018

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：57 | 回复：0
CVE-2020-35682

Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：59 | 回复：0
CVE-2021-28361

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：43 | 回复：0
CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：63 | 回复：0
CVE-2021-28374

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：45 | 回复：0
CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：48 | 回复：0
CVE-2021-28378

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：40 | 回复：0
CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：42 | 回复：0
CVE-2021-27576

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2020-35358

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：54 | 回复：0