CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2021-40637

OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：59 | 回复：0
CVE-2021-43774

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default creden ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：64 | 回复：0
CVE-2021-45819

Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：78 | 回复：0
CVE-2022-22706

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 throu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：132 | 回复：0
CVE-2022-25031

Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：96 | 回复：0
CVE-2022-0753

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE-2022-0841

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：90 | 回复：0
CVE-2022-25138

Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：94 | 回复：0
CVE-2022-26125

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：86 | 回复：0
CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：137 | 回复：0
CVE-2022-26127

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：156 | 回复：0
CVE-2022-26128

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：393 | 回复：0
CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/mess ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：231 | 回复：0
CVE-2021-3602

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：166 | 回复：0
CVE-2021-3609

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：135 | 回复：0
CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：92 | 回复：0
CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：94 | 回复：0
CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：88 | 回复：0
CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：100 | 回复：0
CVE-2022-23899

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：93 | 回复：0
CVE-2022-25125

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：85 | 回复：0
CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing ` ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：72 | 回复：0
CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the pee ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：68 | 回复：0
CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patch ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE-2021-22686

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE-2021-22687

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：72 | 回复：0
CVE-2021-22688

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：91 | 回复：0
CVE-2021-22689

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：89 | 回复：0
CVE-2021-22690

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：83 | 回复：0
CVE-2021-22691

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE-2021-22692

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：78 | 回复：0
CVE-2021-22693

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：80 | 回复：0
CVE-2021-22694

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：94 | 回复：0
CVE-2021-22695

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：123 | 回复：0
CVE-2021-38577

Heap Overflow in BaseBmpSupportLib.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：213 | 回复：0
CVE-2021-38578

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：141 | 回复：0
CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：176 | 回复：0
CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：149 | 回复：0
CVE-2022-0265

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：145 | 回复：0