CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-26635

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：61 | 回复：0
CVE-2021-32546

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：58 | 回复：0
CVE-2021-33254

An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：46 | 回复：0
CVE-2021-33504

Couchbase Server before 7.1.0 has Incorrect Access Control.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：42 | 回复：0
CVE-2021-33615

RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：36 | 回复：0
CVE-2021-34078

lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：47 | 回复：0
CVE-2021-34079

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compos ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：33 | 回复：0
CVE-2021-34080

OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：36 | 回复：0
CVE-2021-34081

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：44 | 回复：0
CVE-2021-34082

OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix func ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：38 | 回复：0
CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：40 | 回复：0
CVE-2021-34084

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：33 | 回复：0
CVE-2021-36866

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin = 3.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：36 | 回复：0
CVE-2021-36890

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin = 2.2.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：34 | 回复：0
CVE-2021-3676

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：31 | 回复：0
CVE-2021-40186

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：39 | 回复：0
CVE-2021-42195

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：41 | 回复：0
CVE-2021-42196

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：70 | 回复：0
CVE-2021-42197

An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：47 | 回复：0
CVE-2021-42198

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：68 | 回复：0
CVE-2021-42199

An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：78 | 回复：0
CVE-2021-42200

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：65 | 回复：0
CVE-2021-42201

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：59 | 回复：0
CVE-2021-42202

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：70 | 回复：0
CVE-2021-42203

An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：72 | 回复：0
CVE-2021-42204

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：67 | 回复：0
CVE-2021-42872

TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：105 | 回复：0
CVE-2021-43306

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：114 | 回复：0
CVE-2021-43307

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：187 | 回复：0
CVE-2021-43308

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：115 | 回复：0
CVE-2021-43512

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：84 | 回复：0
CVE-2021-44080

A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：69 | 回复：0
CVE-2021-44095

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：41 | 回复：0
CVE-2021-44096

EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL data ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：42 | 回复：0
CVE-2021-44097

EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：45 | 回复：0
CVE-2021-44098

EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：41 | 回复：0
CVE-2021-4014

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：56 | 回复：0
CVE-2022-1215

A format string vulnerability was found in libinput……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：44 | 回复：0
CVE-2022-1419

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：46 | 回复：0
CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:02 | 阅读：55 | 回复：0