CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-21190

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：109 | 回复：0
CVE-2021-21369

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：88 | 回复：0
CVE-2020-27225

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue ac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：84 | 回复：0
CVE-2021-20244

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：93 | 回复：0
CVE-2021-20245

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The hig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：83 | 回复：0
CVE-2021-20246

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：90 | 回复：0
CVE-2021-21295

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. In Netty (io.netty:netty-codec-http2) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：97 | 回复：0
CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：81 | 回复：0
CVE-2021-23353

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：98 | 回复：0
CVE-2020-28952

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：87 | 回复：0
CVE-2020-35521

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：80 | 回复：0
CVE-2020-35522

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：85 | 回复：0
CVE-2020-35523

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：84 | 回复：0
CVE-2020-35524

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：77 | 回复：0
CVE-2021-20255

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：82 | 回复：0
CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：78 | 回复：0
CVE-2021-3411

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：104 | 回复：0
CVE-2021-23273

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：73 | 回复：0
CVE-2021-28115

The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：75 | 回复：0
CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for rem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：75 | 回复：0
CVE-2021-28119

Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：69 | 回复：0
CVE-2020-29238

An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：72 | 回复：0
CVE-2021-3310

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：87 | 回复：0
CVE-2020-13936

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This appli ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：70 | 回复：0
CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：69 | 回复：0
CVE-2021-20667

Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：81 | 回复：0
CVE-2021-20668

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：71 | 回复：0
CVE-2021-20669

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：72 | 回复：0
CVE-2021-20670

Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：79 | 回复：0
CVE-2021-20671

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：89 | 回复：0
CVE-2021-20672

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：94 | 回复：0
CVE-2021-20673

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vector ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：95 | 回复：0
CVE-2021-28007

Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：59 | 回复：0
CVE-2020-23721

An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：65 | 回复：0
CVE-2020-23722

An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the id and fuel_id parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：92 | 回复：0
CVE-2020-24791

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：61 | 回复：0
CVE-2020-28705

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：81 | 回复：0
CVE-2021-3224

A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：80 | 回复：0
CVE-2020-35752

Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：86 | 回复：0
CVE-2020-4717

A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：86 | 回复：0