漏洞 - 第844页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, ut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-28973

The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive informa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static met ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-23932

An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-23931

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-23930

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-23928

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-23922

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-23921

An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-23915

An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-23914

An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-23912

An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-23907

An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-31329

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Chat and Personal Address field on staff/register.php……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-31327

Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-30139

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-30031

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-35982

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-35981

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-35980

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-35979

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-21647

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-21646

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:36 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate syste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-20501

IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and seria ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-29462

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-29461

Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-7857

A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tob ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：7 | 回复：0
CVE漏洞

CVE-2020-35313

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-30464

OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-29459

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unreg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-28829

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-28828

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-28827

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:35 | 阅读：16 | 回复：0