Vulnerabilities

Subcategories:

  • CVE-2021-21526
    Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 23 | Replies: 0
  • CVE-2020-26197
    Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-30496
    The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 26 | Replies: 0
  • CVE-2021-29155
    An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-28492
    Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-28156
    HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-1079
    NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, d ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2020-25864
    HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 8 | Replies: 0
  • CVE-2020-14105
    The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI 2020.01.15.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-28793
    vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2020-7856
    A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-25681
    ** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phon ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-25680
    ** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and bel ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-25679
    ** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 an ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-20453
    IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-20023
    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-3038
    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that result ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 33 | Replies: 0
  • CVE-2021-3037
    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2021-3036
    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-3035
    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlie ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 24 | Replies: 0
  • CVE-2021-3506
    An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain acces ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-27458
    If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-D ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-20208
    A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vuln ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 12 | Replies: 0
  • CVE-2021-3505
    A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-3498
    GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-3497
    GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 9 | Replies: 0
  • CVE-2020-27241
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injectio ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2020-27240
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2021-30199
    In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file, which results in a crash.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-30022
    There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal function in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-30020
    In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop in which, with a crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_widt ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 27 | Replies: 0
  • CVE-2021-30019
    In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-30015
    There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, where ctx.opid may be NULL. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-30014
    There is an integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 8 | Replies: 0
  • CVE-2021-29279
    There is an integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value, maybe value->value.data.size is a negative number ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-31262
    The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-31261
    The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-31260
    The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 12 | Replies: 0
  • CVE-2021-31259
    The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-31258
    The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
