
Vulnerabilities

Subcategories:

  • CVE-2021-29475
    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2021-29473
    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 13 | Replies: 0
  • CVE-2021-22669
    Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an ad ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2020-36325
    ** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs whe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2021-29694
    IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 21 | Replies: 0
  • CVE-2021-29672
    IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2020-11289
    Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industri ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 10 | Replies: 0
  • CVE-2020-11288
    Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2020-11285
    Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 24 | Replies: 0
  • CVE-2020-11284
    Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 23 | Replies: 0
  • CVE-2020-11279
    Memory corruption while processing crafted SDES packets due to improper length check in sdes packets received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2020-11274
    Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 10 | Replies: 0
  • CVE-2020-11273
    Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 27 | Replies: 0
  • CVE-2020-11268
    Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2020-11254
    Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mob ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 20 | Replies: 0
  • CVE-2020-29445
    Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 14 | Replies: 0
  • CVE-2020-29444
    Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 11 | Replies: 0
  • CVE-2021-32093
    The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 14 | Replies: 0
  • CVE-2021-32092
    A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 11 | Replies: 0
  • CVE-2021-32091
    A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 21 | Replies: 0
  • CVE-2021-32090
    The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 19 | Replies: 0
  • CVE-2021-32074
    HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 14 | Replies: 0
  • CVE-2021-32104
    A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 15 | Replies: 0
  • CVE-2021-32103
    A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 17 | Replies: 0
  • CVE-2021-32102
    A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 20 | Replies: 0
  • CVE-2021-32101
    The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 29 | Replies: 0
  • CVE-2021-32100
    A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 19 | Replies: 0
  • CVE-2021-32099
    A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php ses ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 6 | Replies: 0
  • CVE-2021-32098
    Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 13 | Replies: 0
  • CVE-2021-32096
    The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2021-32095
    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 17 | Replies: 0
  • CVE-2021-32094
    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2021-32077
    Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidde ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2020-23264
    Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allows remote attackers to hijack the authentication of logged administrators.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 17 | Replies: 0
  • CVE-2020-23263
    Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the navigation_title parameter and the title parameter in /priva ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 13 | Replies: 0
  • CVE-2021-31737
    emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 13 | Replies: 0
  • CVE-2021-29203
    A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could b ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 50 | Replies: 0
  • CVE-2021-27941
    Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physicall ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 25 | Replies: 0
  • CVE-2021-29493
    Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensiti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 19 | Replies: 0
  • CVE-2021-28665
    Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denia ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 19 | Replies: 0
