CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-26911

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：15 | 回复：0
CVE-2021-27367

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：20 | 回复：0
CVE-2021-3396

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts 1.5.3 has Incorrect Access Control, which allows local and re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2020-36245

GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：27 | 回复：0
CVE-2021-26720

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：44 | 回复：0
CVE-2021-27374

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve Zugriff auf Inhalte der WebOffice Applikation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：17 | 回复：0
CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：20 | 回复：0
CVE-2021-27097

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2021-27138

The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：20 | 回复：0
CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/pyt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：11 | 回复：0
CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a Use of Hard-coded Credentials issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：15 | 回复：0
CVE-2021-27375

Traefik before 2.4.5 allows the loading of IFRAME elements from other domains.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2021-27124

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：22 | 回复：0
CVE-2021-27376

An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::So ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：13 | 回复：0
CVE-2021-27377

An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：9 | 回复：0
CVE-2021-27378

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2020-29664

A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：19 | 回复：0
CVE-2020-35577

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2019-18255

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：14 | 回复：0
CVE-2020-28490

The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：29 | 回复：0
CVE-2020-28496

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = rgb( for (var i = 0; i n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：18 | 回复：0
CVE-2020-4933

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：22 | 回复：0
CVE-2021-20354

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：25 | 回复：0
CVE-2021-20443

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：12 | 回复：0
CVE-2021-20444

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：21 | 回复：0
CVE-2021-20445

IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:45 | 阅读：22 | 回复：0
CVE-2021-21176

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：34 | 回复：0
CVE-2021-21177

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：41 | 回复：0
CVE-2021-21178

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：42 | 回复：0
CVE-2021-21179

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：43 | 回复：0
CVE-2021-21180

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：44 | 回复：0
CVE-2021-21181

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：82 | 回复：0
CVE-2021-21182

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：88 | 回复：0
CVE-2021-21183

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：95 | 回复：0
CVE-2021-21184

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：93 | 回复：0
CVE-2021-21185

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：87 | 回复：0
CVE-2021-21186

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：83 | 回复：0
CVE-2021-21187

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：80 | 回复：0
CVE-2021-21188

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：77 | 回复：0
CVE-2021-21189

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：92 | 回复：0