漏洞 - 第912页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-11228

Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-11227

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-11226

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:49 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-21621

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the About user (basic authentication details only) information, which can include the session ID of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21620

A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21619

Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the displ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-21618

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21617

A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21616

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-28599

A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-3355

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-27645

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-12702

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-20662

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vector ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-20661

Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-20660

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-20659

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-20658

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-20657

Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-20656

Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-3410

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-21323

Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-20252

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDE ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-3405

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-26927

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-27583

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-26680

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based ma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-26679

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based ma ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-26677

A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard cou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-26595

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-26594

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability onl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-26593

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-22882

UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-22112

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-20247

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0