Vulnerabilities

Subcategories:

  • CVE-2021-28676
    An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 20 | Replies: 0
  • CVE-2021-25288
    An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 19 | Replies: 0
  • CVE-2021-25287
    An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 39 | Replies: 0
  • CVE-2020-6950
    Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2020-27661
    A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 34 | Replies: 0
  • CVE-2020-24870
    Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 13 | Replies: 0
  • CVE-2020-22049
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 19 | Replies: 0
  • CVE-2020-22048
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2020-22046
    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 22 | Replies: 0
  • CVE-2009-0948
    Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 19 | Replies: 0
  • CVE-2009-0947
    Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 22 | Replies: 0
  • CVE-2021-3530
    A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a cras ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-3522
    GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2021-28675
    An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Imag ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 22 | Replies: 0
  • CVE-2021-26707
    The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2019-12067
    The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad-cur_cmd' is null.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-3546
    An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CM ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 15 | Replies: 0
  • CVE-2021-3545
    An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in co ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2021-3544
    Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhos ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 22 | Replies: 0
  • CVE-2021-3538
    A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Rea ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 10 | Replies: 0
  • CVE-2021-23896
    Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 12 | Replies: 0
  • CVE-2020-35514
    An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2020-35510
    A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes correspondin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 31 | Replies: 0
  • CVE-2020-35503
    A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callbac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 37 | Replies: 0
  • CVE-2018-10195
    lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 26 | Replies: 0
  • CVE-2017-8761
    In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 42 | Replies: 0
  • CVE-2021-3520
    There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argum ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 44 | Replies: 0
  • CVE-2021-26940
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-33500. Reason: This candidate is a reservation duplicate of CVE-2021-33500. Notes: All CVE users should reference CVE-2021-33500 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2021-24012
    An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trus ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 32 | Replies: 0
  • CVE-2021-23895
    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 28 | Replies: 0
  • CVE-2021-23894
    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 27 | Replies: 0
  • CVE-2020-14388
    A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass norm ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2020-14380
    An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the priv ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
  • CVE-2020-14371
    A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 24 | Replies: 0
  • CVE-2020-14340
    A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2020-14336
    A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an Open ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 35 | Replies: 0
  • CVE-2020-14335
    A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 38 | Replies: 0
  • CVE-2020-14326
    A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the ent ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 25 | Replies: 0
  • CVE-2020-14317
    It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 36 | Replies: 0
  • CVE-2020-10771
    A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:41 | Views: 29 | Replies: 0
