
Vulnerabilities

Subcategories:

  • CVE-2021-31257
    The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-31256
    Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2021-31255
    Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-31254
    Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related to invalid IV sizes.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-29458
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The ou ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 12 | Replies: 0
  • CVE-2021-29457
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The h ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-29455
    Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 202 ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-29453
    matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in f ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-29434
    Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensur ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-20527
    IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-27031
    A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an una ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-27030
    A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 8 | Replies: 0
  • CVE-2021-27029
    The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leadin ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-27028
    A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-27027
    An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2020-28141
    The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript th ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-21981
    VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local g ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-20992
    Fibaro Home Center 2 and Lite devices in all versions provide a web-based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to h ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-20991
    In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-20990
    In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 35 | Replies: 0
  • CVE-2021-20989
    Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can b ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-21070
    Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to t ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 23 | Replies: 0
  • CVE-2020-7851
    Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 26 | Replies: 0
  • CVE-2021-29399
    XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11 ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2021-23381
    This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec fun ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-23380
    This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 25 | Replies: 0
  • CVE-2021-23379
    This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exe ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-23378
    This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the ch ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 24 | Replies: 0
  • CVE-2021-23377
    This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-23376
    This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-23375
    This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the ch ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 22 | Replies: 0
  • CVE-2021-23374
    This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of th ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 41 | Replies: 0
  • CVE-2021-3493
    The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combinatio ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 32 | Replies: 0
  • CVE-2021-3492
    Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situ ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2020-36195
    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain applicat ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2020-2509
    A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have a ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-29452
    a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 22 | Replies: 0
  • CVE-2021-29451
    Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patch ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 4 | Replies: 0
  • CVE-2021-29446
    jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) de ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 26 | Replies: 0
  • CVE-2021-29445
    jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) de ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 10:35 | Views: 26 | Replies: 0
