漏洞 - 第898页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-28501

This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-28964

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-21438

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-21437

Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManageme ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-28956

** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-28955

git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-26070

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `make ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-26069

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-13963

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-23360

This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-28961

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-28954

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-28953

The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-28952

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-28951

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-28950

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-21267

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：29 | 回复：0
CVE漏洞

CVE-2019-14831

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was ena ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：43 | 回复：0
CVE漏洞

CVE-2019-14830

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：31 | 回复：0
CVE漏洞

CVE-2019-14829

A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：35 | 回复：0
CVE漏洞

CVE-2019-14828

A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：34 | 回复：0
CVE漏洞

CVE-2019-10225

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：37 | 回复：0
CVE漏洞

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：35 | 回复：0
CVE漏洞

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Den ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：43 | 回复：0
CVE漏洞

CVE-2019-10151

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：39 | 回复：0
CVE漏洞

CVE-2019-10128

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-27520

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the author parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-27519

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the srch parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-26992

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-26991

Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-26990

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-20077

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gainin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：45 | 回复：0
CVE漏洞

CVE-2019-10127

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:51 | 阅读：30 | 回复：0