Vulnerabilities

Subcategories:

  • CVE-2021-28306
    An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 42 | Replies: 0
  • CVE-2021-28305
    An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 59 | Replies: 0
  • CVE-2021-27647
    Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 54 | Replies: 0
  • CVE-2021-27646
    Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 53 | Replies: 0
  • CVE-2021-26569
    Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web re ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 44 | Replies: 0
  • CVE-2021-20674
    Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified direc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 45 | Replies: 0
  • CVE-2020-36282
    JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 73 | Replies: 0
  • CVE-2020-36281
    Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 49 | Replies: 0
  • CVE-2020-36280
    Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 45 | Replies: 0
  • CVE-2020-36279
    Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 32 | Replies: 0
  • CVE-2020-36278
    Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 35 | Replies: 0
  • CVE-2021-28154
    ** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 29 | Replies: 0
  • CVE-2021-28153
    An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 60 | Replies: 0
  • CVE-2021-28143
    /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 58 | Replies: 0
  • CVE-2020-24984
    An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 49 | Replies: 0
  • CVE-2020-24983
    An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:47 | Views: 45 | Replies: 0
  • CVE-2020-35681
    Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type request ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 18 | Replies: 0
  • CVE-2020-35664
    An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 13 | Replies: 0
  • CVE-2020-35571
    An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 23 | Replies: 0
  • CVE-2020-35556
    An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 30 | Replies: 0
  • CVE-2021-3149
    On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 47 | Replies: 0
  • CVE-2021-26120
    Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 33 | Replies: 0
  • CVE-2021-26119
    Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 32 | Replies: 0
  • CVE-2021-24115
    In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 26 | Replies: 0
  • CVE-2021-27516
    URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 22 | Replies: 0
  • CVE-2021-27515
    url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 35 | Replies: 0
  • CVE-2021-27514
    EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 34 | Replies: 0
  • CVE-2021-27513
    The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on le filtre userside.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 41 | Replies: 0
  • CVE-2021-26716
    Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 32 | Replies: 0
  • CVE-2021-26544
    Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 72 | Replies: 0
  • CVE-2020-28248
    An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 36 | Replies: 0
  • CVE-2021-3189
    The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 28 | Replies: 0
  • CVE-2021-27509
    In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 45 | Replies: 0
  • CVE-2020-27997
    An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 29 | Replies: 0
  • CVE-2020-24617
    Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 33 | Replies: 0
  • CVE-2020-24393
    TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 20 | Replies: 0
  • CVE-2020-24392
    In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 23 | Replies: 0
  • CVE-2020-12873
    An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run ar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 24 | Replies: 0
  • CVE-2020-12668
    Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 33 | Replies: 0
  • CVE-2020-27785
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-29074. Reason: This candidate is a reservation duplicate of CVE-2020-29074. Notes: All CVE users should reference CVE-2020-29074 ins ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:46 | Views: 45 | Replies: 0
