漏洞 - 第712页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate ffconcat file that references an image, followed by a file the trigge ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-37632

SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-37156

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-35327

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-35326

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-35325

A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-35324

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-34639

Authenticated File Upload in WordPress Download Manager = 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. payload.php.png which is executable in some configur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-34638

Authenticated Directory Traversal in WordPress Download Manager = 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-34634

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-34633

The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web sc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-32003

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secom ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-32002

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue aff ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-26605

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-26586

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-22928

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management W ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is buil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-22925

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to ea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to g ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-22920

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-22919

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-22517

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-22234

An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.11, 13.12 and 14.0. A specially crafted design image allowed attackers to read arbitrary files on the server.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-21893

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21870

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21831

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-21805

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command executi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-21792

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-21791

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-21790

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-21785

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-20592

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and G ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-20116

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause ref ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-20115

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflecte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-1630

XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-7863

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：41 | 回复：0