
Vulnerabilities

Subcategories:

  • CVE-2021-29444
    jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) dec ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 22 | Replies: 0
  • CVE-2021-27394
    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions V7.23.19), Mendix Applications using Mendix 8 (All versions V8.17.0), Mendix Applications using Mendix 8 (V8.1 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-31348
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn fail ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-31347
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-29443
    jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-26830
    SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin librar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 19 | Replies: 0
  • CVE-2020-9681
    Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 17 | Replies: 0
  • CVE-2020-9668
    Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileg ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2020-9667
    Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execut ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 21 | Replies: 0
  • CVE-2021-20491
    IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parame ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 18 | Replies: 0
  • CVE-2021-22539
    An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 31 | Replies: 0
  • CVE-2021-31414
    The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 27 | Replies: 0
  • CVE-2021-26074
    Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 28 | Replies: 0
  • CVE-2021-26073
    Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication bet ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 36 | Replies: 0
  • CVE-2018-19942
    A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alre ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 62 | Replies: 0
  • CVE-2021-27692
    Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/umountUSB ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 35 | Replies: 0
  • CVE-2021-27691
    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-29450
    Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. Thi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-21405
    Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: serialized, a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-29447
    Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-29432
    Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 24 | Replies: 0
  • CVE-2021-29431
    Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 16 | Replies: 0
  • CVE-2021-29430
    Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to m ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
  • CVE-2021-30245
    The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 9 | Replies: 0
  • CVE-2021-31402
    The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 8 | Replies: 0
  • CVE-2021-28055
    An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2020-28898
    In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 11 | Replies: 0
  • CVE-2021-29433
    Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause exces ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 6 | Replies: 0
  • CVE-2021-26582
    A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-3243
    Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an att ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 14 | Replies: 0
  • CVE-2021-30138
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 7 | Replies: 0
  • CVE-2021-29448
    Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the netw ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 5 | Replies: 0
  • CVE-2021-27112
    LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 9 | Replies: 0
  • CVE-2021-31229
    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 20 | Replies: 0
  • CVE-2021-20288
    An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 7 | Replies: 0
  • CVE-2021-3487
    There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 10 | Replies: 0
  • CVE-2021-30209
    Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-28549
    Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could levera ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 19 | Replies: 0
  • CVE-2021-28548
    Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could levera ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 13 | Replies: 0
  • CVE-2021-28242
    SQL Injection in the evoadm.php component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the cf_name parameter when creati ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:35 | Views: 15 | Replies: 0
