漏洞 - 第508页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-29328

OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-29327

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-29326

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-29325

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-29324

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-29323

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-22030

In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-22028

In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-43409

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-43408

The Duplicate Post WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query inse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-42363

The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-39353

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file whic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-36003

Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to dis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-33850

There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The paylo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-22053

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view te ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-37592

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-3920

grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-41436

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-41435

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-3973

vim is vulnerable to Heap-based Buffer Overflow……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-3968

vim is vulnerable to Heap-based Buffer Overflow……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-3963

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-3961

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-3957

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-3950

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-3976

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-3974

vim is vulnerable to Use After Free……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-41532

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-39236

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-39235

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same bloc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-39234

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-39233

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-39232

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-39231

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-36372

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-42338

4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-44033

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-44026

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-44025

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-41278

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:36 | 阅读：42 | 回复：0