漏洞 - 第999页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-4916

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：121 | 回复：0
CVE漏洞

CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：132 | 回复：0
CVE漏洞

CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：127 | 回复：0
CVE漏洞

CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：122 | 回复：0
CVE漏洞

CVE-2020-4909

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：122 | 回复：0
CVE漏洞

CVE-2020-7771

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：131 | 回复：0
CVE漏洞

CVE-2020-28464

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：120 | 回复：0
CVE漏洞

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：141 | 回复：0
CVE漏洞

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：138 | 回复：0
CVE漏洞

CVE-2021-3007

** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：131 | 回复：0
CVE漏洞

CVE-2021-21495

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：121 | 回复：0
CVE漏洞

CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：151 | 回复：0
CVE漏洞

CVE-2020-35965

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：145 | 回复：0
CVE漏洞

CVE-2020-35964

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：124 | 回复：0
CVE漏洞

CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：128 | 回复：0
CVE漏洞

CVE-2020-35962

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：140 | 回复：0
CVE漏洞

CVE-2021-3006

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in Decembe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：138 | 回复：0
CVE漏洞

CVE-2020-28841

MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：139 | 回复：0
CVE漏洞

CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：115 | 回复：0
CVE漏洞

CVE-2021-3004

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：128 | 回复：0
CVE漏洞

CVE-2020-35952

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single Incorrect userna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：110 | 回复：0
CVE漏洞

CVE-2020-28852

In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-L ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：113 | 回复：0
CVE漏洞

CVE-2020-28851

In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language hea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：121 | 回复：0
CVE漏洞

CVE-2021-3002

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：118 | 回复：0
CVE漏洞

CVE-2020-35717

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：135 | 回复：0
CVE漏洞

CVE-2020-35391

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：143 | 回复：0
CVE漏洞

CVE-2022-24115

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：205 | 回复：0
CVE漏洞

CVE-2022-24114

Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (mac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：196 | 回复：0
CVE漏洞

CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：233 | 回复：0
CVE漏洞

CVE-2022-23980

Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions = 2.9.9), vulnerable at parameter 'source'.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：189 | 回复：0
CVE漏洞

CVE-2022-23947

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerbe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：186 | 回复：0
CVE漏洞

CVE-2022-23946

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerbe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：190 | 回复：0
CVE漏洞

CVE-2022-23913

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：181 | 回复：0
CVE漏洞

CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and cra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：166 | 回复：0
CVE漏洞

CVE-2022-23614

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：198 | 回复：0
CVE漏洞

CVE-2022-23611

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injectio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：157 | 回复：0
CVE漏洞

CVE-2022-23609

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file delet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：176 | 回复：0
CVE漏洞

CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：206 | 回复：0
CVE漏洞

CVE-2022-23600

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：201 | 回复：0
CVE漏洞

CVE-2022-23595

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：223 | 回复：0