漏洞 - 第876页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-21413

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-24995

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-29650

An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-29649

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-29647

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized dat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-29642

GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-3476

A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-3475

There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with app ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-3474

There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-26579

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-21412

Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted and will has been released ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-20520

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-20518

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-20506

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-20504

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-20503

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-20502

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-20447

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-20352

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-21398

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fix ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-20482

IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-4944

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-4884

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：59 | 回复：0
CVE漏洞

CVE-2020-4848

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-27271

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-27270

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-27269

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-27268

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-27267

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-27266

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-27265

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-27264

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-27263

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-27262

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-27261

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-23363

This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21409

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. In Netty (io.netty:netty-codec-http2) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：47 | 回复：0