漏洞 - 第804页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-22137

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background poll ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-22135

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The sugg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-29623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earli ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-32920

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-32919

An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not cor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21424

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling dep ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-20535

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20181

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating thei ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-3528

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the lo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-20025

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-28063

A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-27830

A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr de ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-21342

Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：7 | 回复：0
CVE漏洞

CVE-2020-20092

File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-25693

An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-20999

In WeidmÃ¼ller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-20998

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20997

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-20996

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-20995

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-20994

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-20993

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20988

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-14354

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-12526

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH Co. KG are vulnerable to denial of service attacks. The attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-25694

Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-26311

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-12967

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-22154

An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gai ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-22153

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-22152

A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0