漏洞 - 第776页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-29252

RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-33574

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-33570

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2016-20011

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-20209

A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-25672

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-20453

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-32640

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-27562

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-25946

Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-25944

Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-25935

In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-25934

In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-20451

Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-20450

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-20448

FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-20446

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-20445

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-3320

Type Confusion in 802154 ACK Frames Handling. Zephyr versions = v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-32638

Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-29708

IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-29695

IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-23937

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-21660

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-21659

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-21658

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21657

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-4839

IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a den ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-13603

Integer Overflow in memory allocating functions. Zephyr versions = 1.14.2, = 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zep ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-13602

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions = 1.14.2, = 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-13601

Possible read out of bounds in dns read. Zephyr versions = 1.14.2, = 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-13600

Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions = 1.14.2, = 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproje ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-13599

Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-13598

FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions = v1.14.2, = v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://gi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-10072

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-10069

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-10066

Incorrect Error Handling in Bluetooth HCI core. Zephyr versions = v1.14.2, = v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-10065

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/z ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：30 | 回复：0