CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-25347

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：41 | 回复：0
CVE-2021-25348

Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：54 | 回复：0
CVE-2021-3403

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：57 | 回复：0
CVE-2021-3404

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a cr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：67 | 回复：0
CVE-2019-18630

On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：56 | 回复：0
CVE-2021-27314

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE-2019-18351

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-18790. Reason: This candidate is a duplicate of CVE-2019-18790. Notes: All CVE users should reference CVE-2019-18790 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：62 | 回复：0
CVE-2021-27963

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or sess ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：77 | 回复：0
CVE-2021-27964

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：53 | 回复：0
CVE-2021-27965

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOC ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：63 | 回复：0
CVE-2020-36255

An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：53 | 回复：0
CVE-2020-5148

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：33 | 回复：0
CVE-2019-25025

The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed ses ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：34 | 回复：0
CVE-2020-29658

Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：35 | 回复：0
CVE-2021-25313

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue af ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：42 | 回复：0
CVE-2021-28027

An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：39 | 回复：0
CVE-2021-28028

An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE-2021-28029

An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：39 | 回复：0
CVE-2021-28030

An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：42 | 回复：0
CVE-2021-28031

An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：43 | 回复：0
CVE-2021-28032

An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if BorrowIdx behaves in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：36 | 回复：0
CVE-2021-28033

An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：41 | 回复：0
CVE-2021-28034

An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：35 | 回复：0
CVE-2021-28035

An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE-2021-28036

An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：60 | 回复：0
CVE-2021-28037

An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for InternT.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：57 | 回复：0
CVE-2021-20663

Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：49 | 回复：0
CVE-2021-20664

Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Ser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2021-20665

Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advan ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：49 | 回复：0
CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：54 | 回复：0
CVE-2021-28026

jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a den ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：48 | 回复：0
CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter file = .. / encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：33 | 回复：0
CVE-2021-26960

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based man ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：44 | 回复：0
CVE-2021-26961

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based man ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：50 | 回复：0
CVE-2021-26962

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：46 | 回复：0
CVE-2020-28050

Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：58 | 回复：0
CVE-2020-29032

Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：65 | 回复：0
CVE-2020-35594

Zoho ManageEngine ADManager Plus before 7066 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：51 | 回复：0
CVE-2021-21725

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：54 | 回复：0
CVE-2021-26963

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:42 | 阅读：56 | 回复：0