漏洞 - 第914页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-22643

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-29075

Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-27819

An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It coul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-27768

In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-25690

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory alloc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatExceptio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-35852

Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-27189

The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-23827

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21156

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-21155

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-21154

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-21153

Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-21152

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-21151

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-21150

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-21149

Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-26725

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Netw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-26724

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-26068

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-36232

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-27279

MyBB before 1.8.25 allows stored XSS via nested tags with MyCode (aka BBCode).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-27564

A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another membe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-27549

** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method na ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-22475

Tasks application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-22474

In webERP 4.15, the ManualContents.php file allows users to specify the Language parameter, which can lead to local file inclusion.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-24175

Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filenam ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-3120

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-27559

The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-27371

The Contact page in Monica 2.19.1 allows stored XSS via the Description field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-27370

The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-27369

The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-27368

The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：74 | 回复：0
CVE漏洞

CVE-2020-21224

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-19762

Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-3664

Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snap ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0