漏洞 - 第768页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-10729

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-10716

A flaw was found in Red Hat Satellite's Job Invocation, where the User Input entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-10698

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-10697

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-32643

Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-22031

A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-22030

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-22029

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and oth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-32645

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-27490

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior are vulnerable to an out-of-bounds read, which may allow an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-27496

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PR ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-27494

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing ST ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-27492

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-27488

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-18230

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter $cfg_switchshow of component /admin/web_config.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-18229

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter $cfg_copyright of component /admin/web_config.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-31808

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-27832

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-33200

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-31535

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-31155

Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-31154

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-31153

please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-22411

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activiti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-22364

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . A module does not verify certain parameters su ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-22362

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient valida ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-22360

There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-22359

There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a tar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-22358

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the devic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE漏洞

CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly oc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-28651

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a smal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:47 | 阅读：5 | 回复：0