CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-3002

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：103 | 回复：0
CVE-2020-28851

In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language hea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：100 | 回复：0
CVE-2020-28852

In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-L ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：98 | 回复：0
CVE-2020-35952

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single Incorrect userna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：90 | 回复：0
CVE-2021-3004

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：103 | 回复：0
CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：98 | 回复：0
CVE-2020-28841

MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：111 | 回复：0
CVE-2021-3006

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in Decembe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：109 | 回复：0
CVE-2020-35962

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：105 | 回复：0
CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：105 | 回复：0
CVE-2020-35964

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：101 | 回复：0
CVE-2020-35965

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：119 | 回复：0
CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：124 | 回复：0
CVE-2021-21495

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：98 | 回复：0
CVE-2021-3007

** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：108 | 回复：0
CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：113 | 回复：0
CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：114 | 回复：0
CVE-2020-28464

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：92 | 回复：0
CVE-2020-7771

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：107 | 回复：0
CVE-2020-4909

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：96 | 回复：0
CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：99 | 回复：0
CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：106 | 回复：0
CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：105 | 回复：0
CVE-2020-4916

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：104 | 回复：0
CVE-2020-4917

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：109 | 回复：0
CVE-2020-4918

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：94 | 回复：0
CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：109 | 回复：0
CVE-2020-4928

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：95 | 回复：0
CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user tha ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：103 | 回复：0
CVE-2020-22550

Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：122 | 回复：0
CVE-2020-35493

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow - out-of-bounds read that could lead to an impac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：104 | 回复：0
CVE-2020-35494

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：104 | 回复：0
CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：97 | 回复：0
CVE-2021-3349

** DISPUTED ** GNOME Evolution through 3.38.3 produces a Valid signature message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the G ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：100 | 回复：0
CVE-2021-3350

deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：94 | 回复：0
CVE-2020-28194

Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:35 | 阅读：121 | 回复：0
CVE-2022-23564

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：230 | 回复：0
CVE-2022-23565

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：252 | 回复：0
CVE-2022-23566

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：225 | 回复：0
CVE-2022-23570

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are mis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:42 | 阅读：217 | 回复：0