漏洞 - 第863页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-1362

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM amp; Presence ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-1309

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：4 | 回复：0
CVE漏洞

CVE-2021-1308

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-1251

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-1137

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30457

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-30456

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30455

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-30454

An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-30246

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-26758

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-36316

In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-36315

In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-30123

FFmpeg =4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：12 | 回复：0
CVE漏洞

CVE-2013-1055

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an act ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：16 | 回复：0
CVE漏洞

CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initializ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-21425

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-24137

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-24135

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-29627

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly fre ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-29626

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to inv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-28927

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-25584

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-24138

Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-30185

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-21641

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-21640

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21639

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnloa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：7 | 回复：0
CVE漏洞

CVE-2020-36314

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-30177

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-26709

** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-20692

Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20691

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-20690

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：13 | 回复：0