
CVE Vulnerabilities

  • CVE-2021-25176
    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 27 | Replies: 0
  • CVE-2021-25177
    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, pote ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 24 | Replies: 0
  • CVE-2021-25178
    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 23 | Replies: 0
  • CVE-2020-28473
    The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 34 | Replies: 0
  • CVE-2020-28476
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 31 | Replies: 0
  • CVE-2020-7343
    Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The p ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 36 | Replies: 0
  • CVE-2020-36192
    An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private P ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 32 | Replies: 0
  • CVE-2020-36193
    Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 31 | Replies: 0
  • CVE-2020-29450
    Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload fe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 38 | Replies: 0
  • CVE-2021-20619
    Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 44 | Replies: 0
  • CVE-2021-3177
    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrus ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 31 | Replies: 0
  • CVE-2021-3178
    ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 41 | Replies: 0
  • CVE-2021-22850
    HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 33 | Replies: 0
  • CVE-2021-22851
    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 26 | Replies: 0
  • CVE-2021-22852
    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 24 | Replies: 0
  • CVE-2020-28472
    This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSh ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 37 | Replies: 0
  • CVE-2020-28477
    This affects all versions of package immer.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 41 | Replies: 0
  • CVE-2020-28478
    This affects the package gsap before 3.6.0.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 39 | Replies: 0
  • CVE-2020-20950
    Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 23 | Replies: 0
  • CVE-2020-23522
    Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 30 | Replies: 0
  • CVE-2020-23342
    A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 25 | Replies: 0
  • CVE-2020-35128
    Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 26 | Replies: 0
  • CVE-2020-35129
    Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 26 | Replies: 0
  • CVE-2020-28479
    The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 27 | Replies: 0
  • CVE-2020-28480
    The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the objec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 22 | Replies: 0
  • CVE-2020-28481
    The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 33 | Replies: 0
  • CVE-2020-28482
    This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 27 | Replies: 0
  • CVE-2021-3181
    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields ( ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 34 | Replies: 0
  • CVE-2021-3182
    ** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 26 | Replies: 0
  • CVE-2021-3183
    Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 41 | Replies: 0
  • CVE-2020-27733
    Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 28 | Replies: 0
  • CVE-2020-4871
    IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 22 | Replies: 0
  • CVE-2020-4873
    IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 46 | Replies: 0
  • CVE-2020-4881
    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted r ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 35 | Replies: 0
  • CVE-2021-22498
    XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and ear ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 23 | Replies: 0
  • CVE-2021-25323
    The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 22 | Replies: 0
  • CVE-2021-25324
    MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 36 | Replies: 0
  • CVE-2021-25325
    MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 26 | Replies: 0
  • CVE-2021-3184
    MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 28 | Replies: 0
  • CVE-2020-27270
    SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in trans ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 43 | Replies: 0
