CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：48 | 回复：0
CVE-2020-24900

The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：62 | 回复：0
CVE-2020-24901

The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin.url.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：61 | 回复：0
CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially craft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：68 | 回复：0
CVE-2020-24903

Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0
CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：65 | 回复：0
CVE-2020-26971

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox E ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check wa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：59 | 回复：0
CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：61 | 回复：0
CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0
CVE-2020-26975

When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：83 | 回复：0
CVE-2020-26976

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：72 | 回复：0
CVE-2020-26977

By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：66 | 回复：0
CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：85 | 回复：0
CVE-2020-26979

When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the de ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：77 | 回复：0
CVE-2020-35111

When an extension with the proxy permission registered to receive all_urls, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：62 | 回复：0
CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then Open-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：64 | 回复：0
CVE-2020-35113

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：66 | 回复：0
CVE-2020-35114

Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：82 | 回复：0
CVE-2021-3029

** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter file on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：78 | 回复：0
CVE-2020-26773

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：72 | 回复：0
CVE-2021-25763

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：69 | 回复：0
CVE-2021-25765

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0
CVE-2021-25766

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：58 | 回复：0
CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：84 | 回复：0
CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：76 | 回复：0
CVE-2021-25769

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：65 | 回复：0
CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：68 | 回复：0
CVE-2021-25771

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE-2021-25772

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：62 | 回复：0
CVE-2021-25773

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：63 | 回复：0
CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：70 | 回复：0
CVE-2021-25775

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：86 | 回复：0
CVE-2021-25776

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：80 | 回复：0
CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：75 | 回复：0
CVE-2021-25778

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：63 | 回复：0
CVE-2020-17516

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and une ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE-2020-17523

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：75 | 回复：0
CVE-2020-25853

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：71 | 回复：0
CVE-2020-25854

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：67 | 回复：0