漏洞 - 第978页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current ver ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：102 | 回复：0
CVE漏洞

CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communica ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：107 | 回复：0
CVE漏洞

CVE-2021-26704

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：103 | 回复：0
CVE漏洞

CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：106 | 回复：0
CVE漏洞

CVE-2021-26702

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：95 | 回复：0
CVE漏洞

CVE-2021-26476

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：105 | 回复：0
CVE漏洞

CVE-2021-26475

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：118 | 回复：0
CVE漏洞

CVE-2021-3332

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：118 | 回复：0
CVE漏洞

CVE-2021-27318

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：85 | 回复：0
CVE漏洞

CVE-2021-27317

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：102 | 回复：0
CVE漏洞

CVE-2021-21517

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A rem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：108 | 回复：0
CVE漏洞

CVE-2021-21515

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user session ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：109 | 回复：0
CVE漏洞

CVE-2021-25914

Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：95 | 回复：0
CVE漏洞

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：102 | 回复：0
CVE漏洞

CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：90 | 回复：0
CVE漏洞

CVE-2018-25004

A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 vers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：101 | 回复：0
CVE漏洞

CVE-2021-25833

A file extension handling issue was found in module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：115 | 回复：0
CVE漏洞

CVE-2021-25832

A heap buffer overflow vulnerability inside of BMP image processing was found at module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：107 | 回复：0
CVE漏洞

CVE-2021-25831

A file extension handling issue was found in module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the cha ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：97 | 回复：0
CVE漏洞

CVE-2021-25830

A file extension handling issue was found in module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：130 | 回复：0
CVE漏洞

CVE-2021-25829

An improper binary stream data handling issue was found in the module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：88 | 回复：0
CVE漏洞

CVE-2020-9479

When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：93 | 回复：0
CVE漏洞

CVE-2020-7929

A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：101 | 回复：0
CVE漏洞

CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-26530

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-26529

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-26528

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-26222

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-26221

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-26220

The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-36152

Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-36151

Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-36150

Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-36149

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-36148

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-24944

picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-26910

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-26905

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-26577

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：64 | 回复：0