
CVE Vulnerabilities

  • CVE-2020-14343
    A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 35 | Replies: 0
  • CVE-2021-21444
    SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 36 | Replies: 0
  • CVE-2021-21472
    SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perfor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 59 | Replies: 0
  • CVE-2021-21474
    SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 42 | Replies: 0
  • CVE-2021-21475
    Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus charact ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 37 | Replies: 0
  • CVE-2021-21476
    SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 39 | Replies: 0
  • CVE-2021-21477
    SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 19 | Replies: 0
  • CVE-2021-21478
    SAP Web Dynpro ABAP allows an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 22 | Replies: 0
  • CVE-2021-21479
    In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 24 | Replies: 0
  • CVE-2020-26191
    Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 27 | Replies: 0
  • CVE-2020-26192
    Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 28 | Replies: 0
  • CVE-2020-26193
    Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 27 | Replies: 0
  • CVE-2020-26194
    Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 29 | Replies: 0
  • CVE-2020-26195
    Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 22 | Replies: 0
  • CVE-2020-26196
    Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the abi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 26 | Replies: 0
  • CVE-2020-35125
    A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic (a different attack method than CVE-2020-351 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 29 | Replies: 0
  • CVE-2021-21502
    Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a use of SSH key past account expiration vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired accoun ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 21 | Replies: 0
  • CVE-2021-26951
    An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this unini ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 45 | Replies: 0
  • CVE-2021-26952
    An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 34 | Replies: 0
  • CVE-2021-26953
    An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 30 | Replies: 0
  • CVE-2021-26954
    An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 42 | Replies: 0
  • CVE-2021-26955
    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated by ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 35 | Replies: 0
  • CVE-2021-26956
    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetProper ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 30 | Replies: 0
  • CVE-2021-26957
    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 23 | Replies: 0
  • CVE-2021-26958
    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 19 | Replies: 0
  • CVE-2021-26959
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21299. Reason: This candidate is a duplicate of CVE-2021-21299. Notes: All CVE users should reference CVE-2021-21299 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 23 | Replies: 0
  • CVE-2020-28870
    In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 26 | Replies: 0
  • CVE-2020-28871
    Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 28 | Replies: 0
  • CVE-2020-36244
    The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 27 | Replies: 0
  • CVE-2021-20654
    Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 33 | Replies: 0
  • CVE-2021-23878
    Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and cred ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 34 | Replies: 0
  • CVE-2021-23880
    Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 38 | Replies: 0
  • CVE-2021-23882
    Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by pl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 45 | Replies: 0
  • CVE-2021-23883
    A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 40 | Replies: 0
  • CVE-2021-23873
    Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 29 | Replies: 0
  • CVE-2021-23874
    Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 29 | Replies: 0
  • CVE-2021-23876
    Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially ca ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 36 | Replies: 0
  • CVE-2021-23881
    A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event wh ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 40 | Replies: 0
  • CVE-2020-29171
    Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 fo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 27 | Replies: 0
  • CVE-2020-24837
    An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus opera ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:40 | Views: 35 | Replies: 0
