漏洞 - 第780页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-26997

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-34540

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-33205

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Nod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-26829

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-28814

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-28805

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-28801

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wha ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-25684

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-25683

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-25682

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-23393

This affects the package Flask-Unchained before 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-26199

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-26198

An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-26197

An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-26195

An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-26194

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-23323

There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-23322

There is an Assertion in 'context_p-token.type == LEXER_RIGHT_BRACE || context_p-token.type == LEXER_ASSIGN || context_p-token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-23321

There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-23320

There is an Assertion in 'context_p-next_scanner_info_p-type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-23319

There is an Assertion in '(flags CBC_STACK_ADJUST_SHIFT) = CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags CBC_STACK_ADJUST_SHIFT)) = context_p-stack_depth' in parser_emit_cbc_backw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE漏洞

CVE-2020-23314

There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：5 | 回复：0
CVE漏洞

CVE-2020-23313

There is an Assertion 'scope_stack_p context_p-scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-23312

There is an Assertion 'context.status_flags PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-23311

There is an Assertion 'context_p-token.type == LEXER_RIGHT_BRACE || context_p-token.type == LEXER_ASSIGN || context_p-token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-23310

There is an Assertion 'context_p-next_scanner_info_p-type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-23309

There is an Assertion 'context_p-stack_depth == context_p-context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：7 | 回复：0
CVE漏洞

CVE-2020-23308

There is an Assertion 'context_p-stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-23306

There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-23303

There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-23302

There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-31840

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-31839

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add fa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-34557

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-34546

An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-33031

In LabCup before v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:46 | 阅读：23 | 回复：0