漏洞 - 第502页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2019-5640

Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser fea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-43560

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calenda ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-43559

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The delete related badge functionality did not include the necessary token check ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-43558

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-43016

Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-43015

Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the cont ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-42738

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-42737

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-42733

Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-42727

Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can send an HTTP POST request which will place a malicious .jsp file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-40775

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-40774

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-40773

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-40772

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-40771

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-40770

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-3943

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-3935

When PgBouncer is configured to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verifi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-26614

ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell comman ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-7882

Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal charact ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-43582

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue result ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-43581

An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the Li ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-43557

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-38378

OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-38377

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-38376

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-38375

OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-38374

OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/downlo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-33495

OX App Suite 7.10.5 allows XSS via an OX Chat system message.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-33494

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-33493

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-33492

OX App Suite 7.10.5 allows XSS via an OX Chat room name.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-33491

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-33490

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-33489

OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-33488

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-44079

In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-28710

certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared betwe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-34400

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:37 | 阅读：26 | 回复：0