CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2021-46463

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：26 | 回复：0
CVE-2021-4201

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2022-0581

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：40 | 回复：0
CVE-2022-0582

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：44 | 回复：0
CVE-2022-0583

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：32 | 回复：0
CVE-2022-0586

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：47 | 回复：0
CVE-2022-23410

AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：62 | 回复：0
CVE-2022-23992

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：56 | 回复：0
CVE-2022-24704

The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer attr-val.integer without any bound ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：44 | 回复：0
CVE-2022-24705

The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：47 | 回复：0
CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：39 | 回复：0
CVE-2022-0580

Improper Access Control in Packagist librenms/librenms prior to 22.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：30 | 回复：0
CVE-2022-21818

NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：30 | 回复：0
CVE-2021-43952

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：28 | 回复：0
CVE-2021-43950

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：35 | 回复：0
CVE-2021-43953

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：75 | 回复：0
CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflue ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：36 | 回复：0
CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：57 | 回复：0
CVE-2021-43948

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：50 | 回复：0
CVE-2022-0587

Improper Authorization in Packagist librenms/librenms prior to 22.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：44 | 回复：0
CVE-2022-0588

Exposure of Sensitive Information to an Unauthorized Actor in Packagist librenms/librenms prior to 22.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：39 | 回复：0
CVE-2022-0589

Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：41 | 回复：0
CVE-2021-46557

Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：55 | 回复：0
CVE-2021-46558

Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：94 | 回复：0
CVE-2022-23317

CobaltStrike =4.5 HTTP(S) listener does not determine whether the request URL begins with /, and attackers can obtain relevant information by specifying the URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：56 | 回复：0
CVE-2022-23384

YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：45 | 回复：0
CVE-2021-41552

CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：43 | 回复：0
CVE-2021-42712

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：34 | 回复：0
CVE-2021-43734

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2022-0596

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：33 | 回复：0
CVE-2022-0597

Open Redirect in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：29 | 回复：0
CVE-2022-24586

A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2022-24227

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2022-24684

HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2021-44960

In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resultin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2022-23604

x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to ver ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2022-24226

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-24585

A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the autho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0