漏洞 - 第850页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-29592

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executable ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-31152

Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-29338

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-28300

NULL Pointer Dereference in the isomedia/track.c module's MergeTrack() function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a maliciou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-27990

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-27815

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a maliciou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-27288

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the Comment field in /profile/activity page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-27114

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the's_ip and s_mac fields could lead to a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-26832

Cross Site Scripting (XSS) in the Reset Password page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-26827

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long ssid parameter to the /us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-26812

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the sessionpriv.php module. This allows attackers to craft a malicious URL, which when clicked on by users, can inj ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-26805

Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-36120

Buffer Overflow in the sixel_encoder_encode_bytes function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-21088

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the First Name and Last Name fields in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-21087

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the New Name field of the Rename a Module to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-19778

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in /index.php by manipulating the parameter user_id in the HTML request.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-27989

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-25316

A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-28797

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-31162

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes af ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE漏洞

CVE-2018-25008

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：23 | 回复：0
CVE漏洞

CVE-2017-20004

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues thr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-36322

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-24028

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-29370

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-3473

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Adm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-3471

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-3463

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-3462

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-3460

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-8415

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-8414

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-8413

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-8412

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-8411

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：7 | 回复：0
CVE漏洞

CVE-2020-8410

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE漏洞

CVE-2020-8409

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:33 | 阅读：7 | 回复：0