CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-3700

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2021-44531

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js 12.22.9, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2021-44532

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connect ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Disti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2021-44662

A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：9 | 回复：0
CVE-2021-44663

A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2021-4021

A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled reso ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：9 | 回复：0
CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender version ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2021-43049

The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：44 | 回复：0
CVE-2021-43050

The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：37 | 回复：0
CVE-2022-22770

The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：49 | 回复：0
CVE-2021-42713

Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：32 | 回复：0
CVE-2021-42714

Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：45 | 回复：0
CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：49 | 回复：0
CVE-2022-24589

Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted paylo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：41 | 回复：0
CVE-2021-33945

RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were di ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：37 | 回复：0
CVE-2021-37354

Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：29 | 回复：0
CVE-2021-46262

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：37 | 回复：0
CVE-2021-46263

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：33 | 回复：0
CVE-2021-46264

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via craf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：37 | 回复：0
CVE-2021-46265

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：35 | 回复：0
CVE-2021-46321

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：44 | 回复：0
CVE-2022-23641

Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：45 | 回复：0
CVE-2021-35380

A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：44 | 回复：0
CVE-2022-23643

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：50 | 回复：0
CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：48 | 回复：0
CVE-2021-46250

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOA ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：63 | 回复：0
CVE-2021-46251

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：107 | 回复：0
CVE-2021-46252

A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：78 | 回复：0
CVE-2022-0611

Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：109 | 回复：0
CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：72 | 回复：0
CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：51 | 回复：0
CVE-2022-25241

In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：55 | 回复：0
CVE-2022-25242

In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：57 | 回复：0
CVE-2022-0612

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：25 | 回复：0
CVE-2022-0613

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：23 | 回复：0
CVE-2022-0614

Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：19 | 回复：0
CVE-2021-46388

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: The issue is not a vulnerability (fails CNT2) - Has no impact on availability, integrity or confidence as only documented html templa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：25 | 回复：0
CVE-2022-0559

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：23 | 回复：0
CVE-2022-23358

EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：24 | 回复：0