漏洞 - 第890页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3164

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to reso ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-3152

** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：142 | 回复：0
CVE漏洞

CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch modules that make use of cgo (for example, cgo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-26267

cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-26266

cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-26026

PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-26025

PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-25908

An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. FromEventList can lead to a double free.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-25907

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：327 | 回复：0
CVE漏洞

CVE-2021-25906

An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-25905

An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-25904

An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：190 | 回复：0
CVE漏洞

CVE-2021-25903

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-25902

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-25901

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-25900

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-25863

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been availa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-22872

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in mod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-22871

Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-22698

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-22697

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-21723

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-21615

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-9492

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-8295

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-8292

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag drop functionality in message boxes.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-8288

The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-6780

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-6779

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-5495

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：51 | 回复：0
CVE漏洞

CVE-2020-5494

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-5493

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-5492

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-5491

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-5490

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-5489

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:52 | 阅读：45 | 回复：0