CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-15938

When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：46 | 回复：0
CVE-2021-22128

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：61 | 回复：0
CVE-2021-23126

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：47 | 回复：0
CVE-2021-23127

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：44 | 回复：0
CVE-2021-23128

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：52 | 回复：0
CVE-2021-23129

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：53 | 回复：0
CVE-2021-23130

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：46 | 回复：0
CVE-2021-23131

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：49 | 回复：0
CVE-2021-23132

An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：40 | 回复：0
CVE-2021-26027

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：48 | 回复：0
CVE-2021-26028

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：46 | 回复：0
CVE-2021-26029

An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：41 | 回复：0
CVE-2021-27217

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message receive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：53 | 回复：0
CVE-2020-4856

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：74 | 回复：0
CVE-2020-4857

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：47 | 回复：0
CVE-2020-4863

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：43 | 回复：0
CVE-2020-4866

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：56 | 回复：0
CVE-2020-4975

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：54 | 回复：0
CVE-2021-20340

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：68 | 回复：0
CVE-2021-20350

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：52 | 回复：0
CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：52 | 回复：0
CVE-2020-28601

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：55 | 回复：0
CVE-2020-28636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh-tw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：53 | 回复：0
CVE-2020-35628

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh-in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：57 | 回复：0
CVE-2020-35636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh-volume() OOB read. A specially craft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：60 | 回复：0
CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：58 | 回复：0
CVE-2021-24031

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：64 | 回复：0
CVE-2021-24032

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：50 | 回复：0
CVE-2021-25331

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：37 | 回复：0
CVE-2021-25332

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：34 | 回复：0
CVE-2021-25333

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：42 | 回复：0
CVE-2021-25334

Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：37 | 回复：0
CVE-2021-25335

Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscree ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：51 | 回复：0
CVE-2021-25336

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：47 | 回复：0
CVE-2021-25337

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：60 | 回复：0
CVE-2021-25338

Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：65 | 回复：0
CVE-2021-25339

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：50 | 回复：0
CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：67 | 回复：0
CVE-2021-26988

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to convertin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：58 | 回复：0
CVE-2021-26989

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:41 | 阅读：54 | 回复：0