CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：33 | 回复：0
CVE-2021-20295

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：48 | 回复：0
CVE-2021-22277

Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：41 | 回复：0
CVE-2021-23247

A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：40 | 回复：0
CVE-2021-23287

The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：34 | 回复：0
CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to comp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：32 | 回复：0
CVE-2021-26623

A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit mal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：34 | 回复：0
CVE-2021-26624

An local privilege escalation vulnerability due to a runasroot command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to runasroot co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：30 | 回复：0
CVE-2021-27223

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：32 | 回复：0
CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：34 | 回复：0
CVE-2021-27497

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：33 | 回复：0
CVE-2021-27501

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：34 | 回复：0
CVE-2021-28504

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：46 | 回复：0
CVE-2021-32503

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch fu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：49 | 回复：0
CVE-2021-32933

An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：49 | 回复：0
CVE-2021-32937

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：67 | 回复：0
CVE-2021-32945

An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：65 | 回复：0
CVE-2021-32949

An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an exi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：91 | 回复：0
CVE-2021-32953

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：76 | 回复：0
CVE-2021-32957

A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the infor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：68 | 回复：0
CVE-2021-32960

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：77 | 回复：0
CVE-2021-32961

A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：103 | 回复：0
CVE-2021-32968

Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：111 | 回复：0
CVE-2021-32970

Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：97 | 回复：0
CVE-2021-32974

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：81 | 回复：0
CVE-2021-32976

Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：87 | 回复：0
CVE-2021-33018

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：58 | 回复：0
CVE-2021-33020

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：55 | 回复：0
CVE-2021-33022

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：49 | 回复：0
CVE-2021-33024

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：37 | 回复：0
CVE-2021-33657

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this lib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：40 | 回复：0
CVE-2021-39908

In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be ab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：41 | 回复：0
CVE-2021-3461

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：35 | 回复：0
CVE-2021-3847

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into anot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：47 | 回复：0
CVE-2022-0373

Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：65 | 回复：0
CVE-2022-0390

Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：63 | 回复：0
CVE-2022-0425

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：146 | 回复：0
CVE-2022-0489

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：170 | 回复：0
CVE-2022-0741

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：96 | 回复：0
CVE-2022-0922

The software does not perform any authentication for critical system functionality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：73 | 回复：0