CVE Vulnerabilities

  • CVE-2020-8806
    Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block heade ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 74 | Replies: 0
  • CVE-2020-8807
    In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 68 | Replies: 0
  • CVE-2021-20623
    Video Insight VMS versions prior to 7.8 allow a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 56 | Replies: 0
  • CVE-2021-20652
    Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 50 | Replies: 0
  • CVE-2021-26708
    A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The rac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 54 | Replies: 0
  • CVE-2021-26710
    A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 49 | Replies: 0
  • CVE-2021-26711
    A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl paramet ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 68 | Replies: 0
  • CVE-2021-3311
    An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.ph ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 49 | Replies: 0
  • CVE-2021-3333
    Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 69 | Replies: 0
  • CVE-2020-4832
    IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 51 | Replies: 0
  • CVE-2020-18737
    An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 37 | Replies: 0
  • CVE-2021-3258
    Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 64 | Replies: 0
  • CVE-2021-3382
    Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 45 | Replies: 0
  • CVE-2021-26722
    LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the No results found for message in the search bar.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 40 | Replies: 0
  • CVE-2020-10234
    The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 48 | Replies: 0
  • CVE-2020-18750
    Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 65 | Replies: 0
  • CVE-2020-9014
    In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 54 | Replies: 0
  • CVE-2020-10375
    An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 57 | Replies: 0
  • CVE-2020-10552
    An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 52 | Replies: 0
  • CVE-2020-10553
    An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 53 | Replies: 0
  • CVE-2020-10554
    An issue was discovered in Psyprax before 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAA ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 68 | Replies: 0
  • CVE-2020-10857
    Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 65 | Replies: 0
  • CVE-2020-10858
    Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 64 | Replies: 0
  • CVE-2020-12122
    In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 66 | Replies: 0
  • CVE-2020-9453
    In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IO ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 64 | Replies: 0
  • CVE-2021-1072
    NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 66 | Replies: 0
  • CVE-2021-21303
    Helm is open-source software which is essentially The Kubernetes Package Manager. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 55 | Replies: 0
  • CVE-2021-3229
    Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 37 | Replies: 0
  • CVE-2020-11836
    OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enfo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 50 | Replies: 0
  • CVE-2020-14312
    A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts querie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 59 | Replies: 0
  • CVE-2020-5812
    Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (M ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 49 | Replies: 0
  • CVE-2021-20176
    A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 54 | Replies: 0
  • CVE-2021-22301
    Mate 30 10.0.0.203(C00E201R7P2) has a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 58 | Replies: 0
  • CVE-2021-22307
    There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to af ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 64 | Replies: 0
  • CVE-2021-22300
    There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have a timeout exit mechanism. A temporary file contains sensitive information. This allow ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 63 | Replies: 0
  • CVE-2021-22303
    There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by perfo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 59 | Replies: 0
  • CVE-2021-22306
    There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify some input when dealing with messages. Attackers can exploit this vulnerability by sending ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 67 | Replies: 0
  • CVE-2021-22499
    Persistent cross-site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 84 | Replies: 0
  • CVE-2020-9118
    There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an att ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 60 | Replies: 0
  • CVE-2020-9205
    There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:38 | Views: 53 | Replies: 0
