CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：63 | 回复：0
CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (ak ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：56 | 回复：0
CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation fol ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：72 | 回复：0
CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：70 | 回复：0
CVE-2020-36169

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：85 | 回复：0
CVE-2021-21235

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：57 | 回复：0
CVE-2020-26759

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：94 | 回复：0
CVE-2020-4336

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer head ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：65 | 回复：0
CVE-2020-10655

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：83 | 回复：0
CVE-2020-10656

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：81 | 回复：0
CVE-2020-10657

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：63 | 回复：0
CVE-2020-10658

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonym ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：88 | 回复：0
CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name=timestamp fields in forms.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：58 | 回复：0
CVE-2020-8884

rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：72 | 回复：0
CVE-2012-10001

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：78 | 回复：0
CVE-2020-13544

An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the documen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：76 | 回复：0
CVE-2020-13545

An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the docu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：69 | 回复：0
CVE-2020-27285

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：73 | 回复：0
CVE-2020-36171

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：59 | 回复：0
CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：50 | 回复：0
CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：73 | 回复：0
CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：69 | 回复：0
CVE-2020-36176

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：74 | 回复：0
CVE-2020-8160

MendixSSO = 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-suppli ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：66 | 回复：0
CVE-2020-27279

A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：79 | 回复：0
CVE-2020-27283

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：78 | 回复：0
CVE-2020-36177

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：84 | 回复：0
CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：93 | 回复：0
CVE-2019-16962

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：87 | 回复：0
CVE-2020-5102

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：64 | 回复：0
CVE-2020-5103

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：53 | 回复：0
CVE-2020-5104

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：67 | 回复：0
CVE-2021-21236

CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0
CVE-2020-5105

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：65 | 回复：0
CVE-2020-5106

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：57 | 回复：0
CVE-2020-5107

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：64 | 回复：0
CVE-2020-5108

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：66 | 回复：0
CVE-2020-5109

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：65 | 回复：0
CVE-2020-5110

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：53 | 回复：0