CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：7 | 回复：0
CVE-2021-3948

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：7 | 回复：0
CVE-2021-44968

A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：5 | 回复：0
CVE-2021-45401

A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-4090

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-4091

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-0138

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-0585

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-0646

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing devic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-0671

A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-0672

A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-0673

A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-21141

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multipl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-21143

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：7 | 回复：0
CVE-2022-21176

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2022-21196

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authenticatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：10 | 回复：0
CVE-2022-21215

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2022-21800

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before sto ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2022-23981

The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions = 2.0.4).……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：13 | 回复：0
CVE-2022-23982

The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions = 2.0.4) allows server information exposure.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：11 | 回复：0
CVE-2022-24445

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2022-25335

RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：12 | 回复：0
CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：14 | 回复：0
CVE-2022-25337

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：20 | 回复：0
CVE-2021-46036

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：21 | 回复：0
CVE-2021-46037

MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2021-23702

The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：36 | 回复：0
CVE-2021-46062

MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：28 | 回复：0
CVE-2021-46063

MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：32 | 回复：0
CVE-2021-46082

Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：56 | 回复：0
CVE-2021-46562

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：60 | 回复：0
CVE-2021-46563

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：62 | 回复：0
CVE-2021-46564

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：789 | 回复：0
CVE-2021-46565

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：86 | 回复：0
CVE-2021-46566

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：52 | 回复：0
CVE-2021-46567

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：57 | 回复：0
CVE-2021-46568

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：27 | 回复：0
CVE-2021-46569

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：19 | 回复：0
CVE-2021-46570

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：18 | 回复：0