漏洞 - 第900页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) paramet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-0406

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-0405

In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-0404

In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-0403

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-0402

In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-0401

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploita ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-0367

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-0366

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21308

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes custom ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-21302

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-23345

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：128 | 回复：0
CVE漏洞

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a mali ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, reques ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the P ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-21297

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-23979

Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-23978

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-23965

Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-23964

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-24686

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：19 | 回复：0
CVE漏洞

CVE-2019-11684

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlyin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary J ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-26904

LMA ISIDA Retriever 5.2 allows SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-26903

LMA ISIDA Retriever 5.2 is vulnerable to XSS via query.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-22661

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-28646

ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-26200

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：20 | 回复：0
CVE漏洞

CVE-2019-18947

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：27 | 回复：0
CVE漏洞

CVE-2019-18946

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：23 | 回复：0
CVE漏洞

CVE-2019-18945

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：27 | 回复：0
CVE漏洞

CVE-2019-18944

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：19 | 回复：0
CVE漏洞

CVE-2019-18943

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：27 | 回复：0
CVE漏洞

CVE-2019-18942

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-23977

Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-23963

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-23962

Incorrect use of the 'RowCountChanged' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox 85.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and F ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:50 | 阅读：28 | 回复：0