CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-3025

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：56 | 回复：0
CVE-2020-28468

This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE-2020-7784

This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the foll ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：69 | 回复：0
CVE-2020-7794

This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE-2020-4606

IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitiv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE-2020-4663

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：64 | 回复：0
CVE-2020-4664

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE-2020-4666

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0
CVE-2020-4667

IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：73 | 回复：0
CVE-2021-1057

NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0
CVE-2021-1058

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0
CVE-2021-1059

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE-2021-1060

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：56 | 回复：0
CVE-2021-1061

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE-2021-1062

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：57 | 回复：0
CVE-2021-1063

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：55 | 回复：0
CVE-2021-1064

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE-2021-1065

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE-2021-1066

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of servic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE-2021-3111

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE-2020-27260

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：66 | 回复：0
CVE-2020-27262

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web sc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE-2020-5804

Marvell QConvergeConsole GUI = 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：39 | 回复：0
CVE-2020-5805

In Marvell QConvergeConsole GUI = 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：51 | 回复：0
CVE-2020-8584

Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：47 | 回复：0
CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON dat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE-2020-17502

Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE-2020-17503

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：45 | 回复：0
CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE-2020-25678

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：49 | 回复：0
CVE-2020-28208

An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：68 | 回复：0
CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：46 | 回复：0
CVE-2020-16013

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：40 | 回复：0
CVE-2020-16014

Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：44 | 回复：0
CVE-2020-16015

Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：42 | 回复：0
CVE-2020-16016

Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：50 | 回复：0
CVE-2020-16017

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：38 | 回复：0
CVE-2020-16018

Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：43 | 回复：0
CVE-2020-16019

Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a mali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：51 | 回复：0