漏洞 - 第730页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a la ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-33214

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-32753

EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the sof ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-26106

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-26100

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed UR ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24007

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-29014

A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-33795

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-3541

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-29730

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29712

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：5 | 回复：0
CVE漏洞

CVE-2020-21333

Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-22535

Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-33012

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27039

A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-27038

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-27037

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-27036

A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL or TIFF file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-27035

A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27034

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-27033

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-32752

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-30201

An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-30121

Local file inclusion exists in Kaseya VSA before 9.5.6.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-30120

Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-30119

Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-30118

Kaseya VSA before 9.5.5 allows remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30117

SQL injection exists in Kaseya VSA before 9.5.6.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-30116

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-23405

This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：10 | 回复：0
CVE漏洞

CVE-2012-2659

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：6 | 回复：0
CVE漏洞

CVE-2012-1609

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：5 | 回复：0
CVE漏洞

CVE-2012-0832

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：19 | 回复：0
CVE漏洞

CVE-2012-0816

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-36155

LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-36154

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:23 | 阅读：16 | 回复：0