
Vulnerabilities

Subcategories:

  • CVE-2021-31572
    The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 20 | Replies: 0
  • CVE-2021-31571
    The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 24 | Replies: 0
  • CVE-2021-30356
    A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 35 | Replies: 0
  • CVE-2021-28168
    Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 36 | Replies: 0
  • CVE-2021-27278
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 45 | Replies: 0
  • CVE-2021-27277
    This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 19 | Replies: 0
  • CVE-2021-23133
    A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_dest ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 28 | Replies: 0
  • CVE-2020-7861
    AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file ex ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 18 | Replies: 0
  • CVE-2020-7858
    There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using dot dot sequ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 20 | Replies: 0
  • CVE-2021-30476
    HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 22 | Replies: 0
  • CVE-2021-29653
    HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 22 | Replies: 0
  • CVE-2021-27400
    HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 13 | Replies: 0
  • CVE-2021-22540
    Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sani ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 22 | Replies: 0
  • CVE-2021-27736
    FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 25 | Replies: 0
  • CVE-2021-3287
    Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 21 | Replies: 0
  • CVE-2021-31555
    An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 10 | Replies: 0
  • CVE-2021-31554
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefario ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 14 | Replies: 0
  • CVE-2021-31553
    An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 14 | Replies: 0
  • CVE-2021-31552
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 20 | Replies: 0
  • CVE-2021-31551
    An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 31 | Replies: 0
  • CVE-2021-31550
    An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 34 | Replies: 0
  • CVE-2021-31549
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged use ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 25 | Replies: 0
  • CVE-2021-31548
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 29 | Replies: 0
  • CVE-2021-31547
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 20 | Replies: 0
  • CVE-2021-31546
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to vie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 21 | Replies: 0
  • CVE-2021-31545
    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 34 | Replies: 0
  • CVE-2021-29466
    Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 21 | Replies: 0
  • CVE-2021-29465
    Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 16 | Replies: 0
  • CVE-2021-29467
    Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 29 | Replies: 0
  • CVE-2021-1078
    NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 16 | Replies: 0
  • CVE-2021-1077
    NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 19 | Replies: 0
  • CVE-2021-1076
    NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 23 | Replies: 0
  • CVE-2021-1075
    NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 25 | Replies: 0
  • CVE-2021-1074
    NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. Th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 18 | Replies: 0
  • CVE-2020-27569
    Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the syst ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 17 | Replies: 0
  • CVE-2020-27568
    Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 41 | Replies: 0
  • CVE-2021-21427
    Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized acc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 38 | Replies: 0
  • CVE-2021-21426
    Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deser ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 22 | Replies: 0
  • CVE-2020-36324
    Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 20 | Replies: 0
  • CVE-2021-31523
    The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:36 | Views: 29 | Replies: 0
