CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27584

When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unava ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：39 | 回复：0
CVE-2021-27585

When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporari ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：50 | 回复：0
CVE-2021-27586

When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：55 | 回复：0
CVE-2021-27587

When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unav ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：52 | 回复：0
CVE-2021-27588

When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：28 | 回复：0
CVE-2021-27589

When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：36 | 回复：0
CVE-2021-27590

When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：36 | 回复：0
CVE-2021-27591

When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：30 | 回复：0
CVE-2021-27592

When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user unti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：48 | 回复：0
CVE-2020-35451

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：45 | 回复：0
CVE-2020-8356

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in cle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：38 | 回复：0
CVE-2020-8357

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：54 | 回复：0
CVE-2021-3417

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：39 | 回复：0
CVE-2020-28150

I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：49 | 回复：0
CVE-2021-20241

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The high ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：42 | 回复：0
CVE-2021-20243

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：38 | 回复：0
CVE-2021-20253

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：24 | 回复：0
CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical acce ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：33 | 回复：0
CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file wr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：26 | 回复：0
CVE-2021-20268

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：39 | 回复：0
CVE-2021-21159

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：35 | 回复：0
CVE-2021-21160

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：29 | 回复：0
CVE-2021-21161

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：36 | 回复：0
CVE-2021-21162

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：41 | 回复：0
CVE-2021-21163

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：57 | 回复：0
CVE-2021-21164

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：32 | 回复：0
CVE-2021-21165

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：46 | 回复：0
CVE-2021-21166

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：35 | 回复：0
CVE-2021-21167

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：32 | 回复：0
CVE-2021-21168

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：34 | 回复：0
CVE-2021-21169

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：49 | 回复：0
CVE-2021-21170

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：39 | 回复：0
CVE-2021-21171

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：49 | 回复：0
CVE-2021-21172

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：34 | 回复：0
CVE-2021-21173

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：41 | 回复：0
CVE-2021-21174

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：45 | 回复：0
CVE-2021-21175

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：48 | 回复：0
CVE-2021-1147

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary comma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：49 | 回复：0
CVE-2021-1148

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary comma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：54 | 回复：0
CVE-2021-1149

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary comma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:43 | 阅读：38 | 回复：0