漏洞 - 第874页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-28545

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-20296

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-20235

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20234

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-28918

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29083

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arb ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-29942

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-29941

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-29940

An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-29939

An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-29938

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-29937

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-29936

An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29935

An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-29934

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-29933

An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-29932

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large expone ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-29931

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-29930

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default().……

作者：菜鸟教程小白 | 时间：2022-2-5 10:28 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-29929

An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:27 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-29251

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings Policies). This affects Docker use cases in which a mail server is configured.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:27 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-36286

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-36238

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-29349

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-28994

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-27349

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-27220

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-24550

An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-22538

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-29663

CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-26943

The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-35308

CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypas ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-23007

On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-23006

On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-23005

On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the C ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-23004

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding fl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-23003

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：47 | 回复：0