
Vulnerabilities

Subcategories:

  • CVE-2021-44790
    A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 89 | Replies: 0
  • CVE-2021-44224
    A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 61 | Replies: 0
  • CVE-2021-41561
    Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 65 | Replies: 0
  • CVE-2021-44858
    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=editundo= followed by action=mcrundo and action=mcrrestore to view priv ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 86 | Replies: 0
  • CVE-2021-44554
    Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a user ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 61 | Replies: 0
  • CVE-2021-44263
    Gurock TestRail before 7.2.4 mishandles HTML escaping.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 64 | Replies: 0
  • CVE-2021-42913
    The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 70 | Replies: 0
  • CVE-2021-44732
    Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 61 | Replies: 0
  • CVE-2021-44164
    Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 56 | Replies: 0
  • CVE-2021-44163
    Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) att ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 88 | Replies: 0
  • CVE-2021-44162
    Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote atta ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 70 | Replies: 0
  • CVE-2021-44159
    4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 73 | Replies: 0
  • CVE-2021-4136
    vim is vulnerable to Heap-based Buffer Overflow
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 65 | Replies: 0
  • CVE-2021-45041
    SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 59 | Replies: 0
  • CVE-2021-43083
    Apache PLC4X - PLC4C (Only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 59 | Replies: 0
  • CVE-2021-45105
    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Threa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 68 | Replies: 0
  • CVE-2021-4131
    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 69 | Replies: 0
  • CVE-2021-4130
    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 64 | Replies: 0
  • CVE-2021-41500
    Incomplete string comparison vulnerability exists in cvxopt.org cvxop = 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attacke ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 68 | Replies: 0
  • CVE-2021-41499
    Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 56 | Replies: 0
  • CVE-2021-41498
    Buffer overflow in ajaxsoundstudio.com Pyo lt and 1.03 in the Server_jack_init function, which allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong server name.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 55 | Replies: 0
  • CVE-2021-41497
    Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash buc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 67 | Replies: 0
  • CVE-2021-41496
    Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative value ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 51 | Replies: 0
  • CVE-2021-41495
    Null Pointer Dereference vulnerability exists in numpy.sort in NumPy lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 51 | Replies: 0
  • CVE-2021-23814
    This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 44 | Replies: 0
  • CVE-2021-23803
    This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of cert ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 50 | Replies: 0
  • CVE-2021-23797
    All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 56 | Replies: 0
  • CVE-2021-23450
    All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 46 | Replies: 0
  • CVE-2021-43840
    message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path tr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 72 | Replies: 0
  • CVE-2021-43838
    jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If att ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 44 | Replies: 0
  • CVE-2021-34141
    An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor stat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 56 | Replies: 0
  • CVE-2021-33430
    A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 38 | Replies: 0
  • CVE-2021-4011
    A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 37 | Replies: 0
  • CVE-2021-4010
    A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 53 | Replies: 0
  • CVE-2021-4009
    A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulner ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 40 | Replies: 0
  • CVE-2021-4008
    A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerabili ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 43 | Replies: 0
  • CVE-2021-40853
    TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 61 | Replies: 0
  • CVE-2021-40852
    TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 67 | Replies: 0
  • CVE-2021-40851
    TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain inf ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 77 | Replies: 0
  • CVE-2021-40850
    TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:40 | Views: 63 | Replies: 0
