漏洞 - 第865页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-36309

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-24027

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-24026

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-20334

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-30146

Seafile 7.0.5 (2019) allows Persistent XSS via the share of library functionality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-30140

LiquidFiles 3.4.15 has stored XSS through the send email functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-29424

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-29136

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when umoci unpack or umoci raw unpack is used.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-26833

Cleartext Storage in a File or on Disk in TimelyBills = 1.7.0 for iOS and versions = 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-36285

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile app ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-23533

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-30130

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-28142

CITSmart before 9.1.2.28 mishandles the filtro de autocomplete.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-30046

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-30045

SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-28874

SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-28075

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-27698

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27697

RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-27357

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27343

SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-28173

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-28172

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-28171

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-30164

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30163

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-30162

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30161

An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-2100 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-30158

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user mig ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-30157

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-30154

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-30151

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-30150

Composr 10.0.36 allows XSS in an XML script.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-30149

Composr 10.0.36 allows upload and execution of PHP files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：5 | 回复：0