漏洞 - 第989页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3029

** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter file on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-35114

Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：67 | 回复：0
CVE漏洞

CVE-2020-35113

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then Open-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：46 | 回复：0
CVE漏洞

CVE-2020-35111

When an extension with the proxy permission registered to receive all_urls, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：46 | 回复：0
CVE漏洞

CVE-2020-26979

When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the de ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：69 | 回复：0
CVE漏洞

CVE-2020-26977

By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-26976

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE漏洞

CVE-2020-26975

When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient auth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：67 | 回复：0
CVE漏洞

CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check wa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-26971

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox E ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：41 | 回复：0
CVE漏洞

CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：49 | 回复：0
CVE漏洞

CVE-2020-24903

Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE漏洞

CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially craft ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE漏洞

CVE-2020-24901

The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin.url.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-24900

The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：50 | 回复：0
CVE漏洞

CVE-2020-26085

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：66 | 回复：0
CVE漏洞

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-35262

Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and Keyword in URL Filter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：59 | 回复：0
CVE漏洞

CVE-2020-25498

Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and Keyword in URL Filter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-8281

A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-8280

A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-8275

Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a maliciou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-8274

Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TL ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：55 | 回复：0
CVE漏洞

CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:37 | 阅读：43 | 回复：0

1 ... 985 986 987 988989990 991 992 ... 1000 / 1000 页下一页

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群官方微博

客服电话

电子邮件

漏洞

下级分类:

极客给你想要的成长

关于我们

产品与服务

解决方案

139-2527-9053