
Vulnerabilities

Subcategories:

  • CVE-2020-14410
    SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 38 | Replies: 0
  • CVE-2020-14409
    SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 25 | Replies: 0
  • CVE-2020-8581
    Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 31 | Replies: 0
  • CVE-2021-20190
    A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiali ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 31 | Replies: 0
  • CVE-2020-35929
    In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 27 | Replies: 0
  • CVE-2020-27276
    SOOIL Developments Co Ltd DiabecareRS,AnyDana-i AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i AnyDana-A mobile apps doesn't use adequate measures to authenticate th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 37 | Replies: 0
  • CVE-2020-27272
    SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pum ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 48 | Replies: 0
  • CVE-2020-27270
    SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in trans ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 45 | Replies: 0
  • CVE-2021-3184
    MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 30 | Replies: 0
  • CVE-2021-25325
    MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 31 | Replies: 0
  • CVE-2021-25324
    MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 38 | Replies: 0
  • CVE-2021-25323
    The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 24 | Replies: 0
  • CVE-2021-22498
    XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and ear ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 25 | Replies: 0
  • CVE-2020-4881
    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 37 | Replies: 0
  • CVE-2020-4873
    IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 48 | Replies: 0
  • CVE-2020-4871
    IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 24 | Replies: 0
  • CVE-2020-27733
    Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 30 | Replies: 0
  • CVE-2021-3183
    Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 43 | Replies: 0
  • CVE-2021-3182
    ** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 29 | Replies: 0
  • CVE-2021-3181
    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields ( ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 41 | Replies: 0
  • CVE-2020-28482
    This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 29 | Replies: 0
  • CVE-2020-28481
    The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 35 | Replies: 0
  • CVE-2020-28480
    The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the objec ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 24 | Replies: 0
  • CVE-2020-28479
    The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 29 | Replies: 0
  • CVE-2020-35129
    Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 28 | Replies: 0
  • CVE-2020-35128
    Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an e ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 28 | Replies: 0
  • CVE-2020-23342
    A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 27 | Replies: 0
  • CVE-2020-23522
    Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 32 | Replies: 0
  • CVE-2020-20950
    Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 25 | Replies: 0
  • CVE-2020-28478
    This affects the package gsap before 3.6.0.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 41 | Replies: 0
  • CVE-2020-28477
    This affects all versions of package immer.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 43 | Replies: 0
  • CVE-2020-28472
    This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSh ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 39 | Replies: 0
  • CVE-2021-22852
    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 26 | Replies: 0
  • CVE-2021-22851
    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 28 | Replies: 0
  • CVE-2021-22850
    HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 35 | Replies: 0
  • CVE-2021-3178
    ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 43 | Replies: 0
  • CVE-2021-3177
    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrus ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 34 | Replies: 0
  • CVE-2021-20619
    Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 47 | Replies: 0
  • CVE-2020-29450
    Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload fe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 40 | Replies: 0
  • CVE-2020-36193
    Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
    Author: 菜鸟教程小白 | Time: 2022-2-5 09:45 | Views: 34 | Replies: 0
