漏洞 - 第875页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advance ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-23000

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile ass ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-22999

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-22998

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-22997

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-22996

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-22994

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl R ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-22991

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager AP ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-21418

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-22995

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. No ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-22992

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Adv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-22990

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-22989

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-22987

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-22988

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Confi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-22986

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-3479

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consum ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-3478

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-3477

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-28245

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-23988

Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-23987

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-23985

If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-23984

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could hav ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-23983

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-23982

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-23981

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21782

An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-21776

An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-21773

An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-28173

Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-28172

A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus ga ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-28657

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:56 | 阅读：59 | 回复：0