漏洞 - 第696页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3246

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-32668

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-32667

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-35427

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-27517

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-27338

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-22235

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-32463

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-27021

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-26095

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-24022

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system' ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-7866

When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-36980

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-36979

Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-36977

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-36976

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-35054

Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-36431

Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-36429

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-36428

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：25 | 回复：0
CVE漏洞

CVE-2019-25051

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：24 | 回复：0
CVE漏洞

CVE-2019-25050

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-26083

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-26082

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-26081

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-32774

DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or del ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to inc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-5349

Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-5323

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-5322

Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-5321

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：5 | 回复：0
CVE漏洞

CVE-2020-5320

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-5315

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated mali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-33594

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-38539

Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-38538

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:28 | 阅读：46 | 回复：0