CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23608

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-23654

Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-23635

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：14 | 回复：0
CVE-2021-43824

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured wit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：14 | 回复：0
CVE-2021-43825

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2021-43826

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling envoy_v3_api_field_ext ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-21654

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-21655

Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-21656

Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a type ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-21657

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-23606

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-23612

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-0654

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-0717

Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-0736

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-0719

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：14 | 回复：0
CVE-2022-0721

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-0724

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：15 | 回复：0
CVE-2022-0726

Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：16 | 回复：0
CVE-2022-0727

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：17 | 回复：0
CVE-2022-0729

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：18 | 回复：0
CVE-2022-0476

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：17 | 回复：0
CVE-2022-20623

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：20 | 回复：0
CVE-2022-20624

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：15 | 回复：0
CVE-2022-20625

A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：19 | 回复：0
CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：19 | 回复：0
CVE-2022-0731

Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：21 | 回复：0
CVE-2022-21705

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：16 | 回复：0
CVE-2021-4070

Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：21 | 回复：0
CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly val ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：15 | 回复：0
CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource lea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：14 | 回复：0
CVE-2022-24409

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain cond ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-23653

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vuln ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2021-26092

Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and Fo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2021-35689

A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-24671

A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-24678

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0