
Vulnerabilities

Subcategories:

  • CVE-2021-24359
    The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 19 | Replies: 0
  • CVE-2020-10666
    The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 12 | Replies: 0
  • CVE-2021-33790
    The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An at ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 12 | Replies: 0
  • CVE-2021-33564
    An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. Th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 13 | Replies: 0
  • CVE-2021-31703
    Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 12 | Replies: 0
  • CVE-2021-31702
    Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 21 | Replies: 0
  • CVE-2021-30461
    A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected int ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 37 | Replies: 0
  • CVE-2021-32635
    Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 24 | Replies: 0
  • CVE-2021-32621
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 23 | Replies: 0
  • CVE-2021-32620
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verif ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 25 | Replies: 0
  • CVE-2021-32619
    Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 17 | Replies: 0
  • CVE-2021-32616
    1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject /script ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 12 | Replies: 0
  • CVE-2021-29507
    GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vuln ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 19 | Replies: 0
  • CVE-2021-29505
    XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands of the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 22 | Replies: 0
  • CVE-2021-29492
    Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path wit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 21 | Replies: 0
  • CVE-2020-36375
    Stack overflow vulnerability in parse_equality in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 31 | Replies: 0
  • CVE-2020-36374
    Stack overflow vulnerability in parse_comparison in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 6 | Replies: 0
  • CVE-2020-36373
    Stack overflow vulnerability in parse_shifts in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 10 | Replies: 0
  • CVE-2020-36372
    Stack overflow vulnerability in parse_plus_minus in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 9 | Replies: 0
  • CVE-2020-36371
    Stack overflow vulnerability in parse_mul_div_rem in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 20 | Replies: 0
  • CVE-2020-36370
    Stack overflow vulnerability in parse_unary in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 22 | Replies: 0
  • CVE-2020-36369
    Stack overflow vulnerability in parse_statement_list in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 21 | Replies: 0
  • CVE-2020-36368
    Stack overflow vulnerability in parse_statement in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 17 | Replies: 0
  • CVE-2020-36367
    Stack overflow vulnerability in parse_block in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 34 | Replies: 0
  • CVE-2020-36366
    Stack overflow vulnerability in parse_value in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 46 | Replies: 0
  • CVE-2020-18395
    A NULL-pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DoS) via segmentation faults caused by crafted inputs.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 15 | Replies: 0
  • CVE-2020-18392
    Stack overflow vulnerability in parse_array in Cesanta MJS 1.20.1 allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 13 | Replies: 0
  • CVE-2021-33587
    The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 15 | Replies: 0
  • CVE-2021-22519
    Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40, 11.41, 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 7 | Replies: 0
  • CVE-2020-26642
    A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 7 | Replies: 0
  • CVE-2020-26641
    A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 9 | Replies: 0
  • CVE-2021-20267
    A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impers ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 17 | Replies: 0
  • CVE-2021-33623
    The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 15 | Replies: 0
  • CVE-2021-32646
    Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 8 | Replies: 0
  • CVE-2021-32642
    radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lea ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 22 | Replies: 0
  • CVE-2021-32637
    Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malform ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 19 | Replies: 0
  • CVE-2013-4536
    A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially re ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 18 | Replies: 0
  • CVE-2020-15782
    A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP O ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 15 | Replies: 0
  • CVE-2021-3514
    When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 9 | Replies: 0
  • CVE-2021-29629
    In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:48 | Views: 12 | Replies: 0
