CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45391

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：21 | 回复：0
CVE-2021-26726

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2019-4291

IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2019-4351

IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2019-4352

IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：16 | 回复：0
CVE-2020-6917

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：14 | 回复：0
CVE-2020-6918

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2020-6919

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：13 | 回复：0
CVE-2020-6920

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：12 | 回复：0
CVE-2020-6921

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：13 | 回复：0
CVE-2020-6922

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：14 | 回复：0
CVE-2021-21958

A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2021-21966

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this iss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2021-22042

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to acc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：12 | 回复：0
CVE-2021-22043

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escala ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：10 | 回复：0
CVE-2021-22050

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelmi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-23682

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-39297

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-39298

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2021-39299

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-39300

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-39301

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-3551

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：7 | 回复：0
CVE-2021-3557

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resour ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2021-3648

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2021-4106

A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2021-4134

The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2021-4220

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-0513

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclus ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-0617

A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-22792

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-23186

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curren ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-23188

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-23189

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-23190

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-23191

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0
CVE-2022-23192

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：6 | 回复：0