
Vulnerabilities

Subcategories:

  • CVE-2021-25277
    FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 28 | Replies: 0
  • CVE-2021-27906
    A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 28 | Replies: 0
  • CVE-2021-27807
    A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
  • CVE-2021-21390
    MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerab ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 27 | Replies: 0
  • CVE-2021-21387
    Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encrypt ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 32 | Replies: 0
  • CVE-2020-4635
    IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 25 | Replies: 0
  • CVE-2021-27506
    The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affects Netasq versions 9.1.0 t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 32 | Replies: 0
  • CVE-2021-28834
    Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 38 | Replies: 0
  • CVE-2021-28831
    decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 32 | Replies: 0
  • CVE-2021-28090
    Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
  • CVE-2021-28089
    Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 38 | Replies: 0
  • CVE-2020-25097
    An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbid ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 24 | Replies: 0
  • CVE-2021-28126
    index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 38 | Replies: 0
  • CVE-2021-28110
    /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
  • CVE-2021-25293
    An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2021-25292
    An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 41 | Replies: 0
  • CVE-2021-25291
    An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 30 | Replies: 0
  • CVE-2021-25290
    An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 34 | Replies: 0
  • CVE-2021-25289
    An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOT ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 33 | Replies: 0
  • CVE-2020-6578
    Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 34 | Replies: 0
  • CVE-2020-6577
    The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 30 | Replies: 0
  • CVE-2021-3327
    Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 52 | Replies: 0
  • CVE-2021-28109
    TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 47 | Replies: 0
  • CVE-2021-27928
    A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-27221
    ** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is inten ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-28653
    The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave suppor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 39 | Replies: 0
  • CVE-2021-26275
    ** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 25 | Replies: 0
  • CVE-2021-21384
    shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 25 | Replies: 0
  • CVE-2021-27436
    WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 37 | Replies: 0
  • CVE-2021-3416
    A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA ch ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 30 | Replies: 0
  • CVE-2021-27358
    The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2021-25764
    In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2020-9367
    The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 29 | Replies: 0
  • CVE-2020-36144
    Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 20 | Replies: 0
  • CVE-2020-26886
    Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 22 | Replies: 0
  • CVE-2020-26797
    Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 26 | Replies: 0
  • CVE-2019-14852
    A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 28 | Replies: 0
  • CVE-2019-14851
    A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affecte ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 31 | Replies: 0
  • CVE-2021-28160
    Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page (Repeater Wizard homepage ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:51 | Views: 36 | Replies: 0
  • CVE-2021-21309
    Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:50 | Views: 31 | Replies: 0
