漏洞 - 第896页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-36215

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-36214

An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-36213

An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-36212

An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-36211

An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-36210

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-36209

An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-36207

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because AovecT does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-36206

An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-36205

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-36204

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-36203

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-36202

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-36201

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 797 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-36200

TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-36199

TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-36011

A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Rema ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-35854

Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-35853

4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Ea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-35845

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-35844

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-35843

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-35753

The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the Recommend job posting function is enabled, allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-35576

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metachar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if bo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-35310

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none NOTE: This is disputed by the vendor; We have no records of contact with the original reporter, and have not been able to reproduce any ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-35309

Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - Categories.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-35270

Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-35263

EgavilanMedia User Registration Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-29443

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-29241

Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the Title parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0
CVE漏洞

CVE-2020-29001

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-29000

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged ac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-28999

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-28998

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-28874

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-28326

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-28325

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：12 | 回复：0