漏洞 - 第830页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-21222

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21221

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-21220

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-21219

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21218

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-21217

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-21216

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-21215

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21213

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21212

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-21211

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-21210

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-21209

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-21207

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrom ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21206

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-21205

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21204

Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-21203

Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-21202

Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-21201

Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-20546

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the applicat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20536

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-20532

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20432

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-4562

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in havin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-23382

The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-3472

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-28399

OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-25839

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-25838

The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-31802

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-28079

Jamovi =1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-26797

An access control vulnerability in Hame SD1 Wi-Fi firmware =V.20140224154640 allows an attacker to get system administrator through an open Telnet service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-25928

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-25927

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:38 | 阅读：23 | 回复：0