CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45342

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：19 | 回复：0
CVE-2021-45343

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：14 | 回复：0
CVE-2021-45802

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：15 | 回复：0
CVE-2021-45803

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：16 | 回复：0
CVE-2021-45844

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：14 | 回复：0
CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：13 | 回复：0
CVE-2021-46113

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：14 | 回复：0
CVE-2022-23223

The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：12 | 回复：0
CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：10 | 回复：0
CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：9 | 回复：0
CVE-2021-45846

A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a type attribute.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：9 | 回复：0
CVE-2021-45847

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：7 | 回复：0
CVE-2022-21697

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：9 | 回复：0
CVE-2022-23033

arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：9 | 回复：0
CVE-2022-23034

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can requ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：8 | 回复：0
CVE-2022-23035

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up afte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：9 | 回复：0
CVE-2021-3850

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：10 | 回复：0
CVE-2021-46033

In ForestBlog, as of 2021-12-28, File upload can bypass verification.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：11 | 回复：0
CVE-2021-46089

In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:48 | 阅读：12 | 回复：0
CVE-2022-21711

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:10 | 阅读：24 | 回复：0
CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attac ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:10 | 阅读：46 | 回复：0
CVE-2022-22554

Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:10 | 阅读：30 | 回复：0
CVE-2022-0177

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:10 | 阅读：37 | 回复：0
CVE-2022-22928

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：21 | 回复：0
CVE-2022-22930

A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：17 | 回复：0
CVE-2022-23314

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：14 | 回复：0
CVE-2022-23315

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：11 | 回复：0
CVE-2022-0326

NULL Pointer Dereference in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：15 | 回复：0
CVE-2022-21933

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary c ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：18 | 回复：0
CVE-2022-0329

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：11 | 回复：0
CVE-2022-0318

Heap-based Buffer Overflow in vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：13 | 回复：0
CVE-2020-19858

Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：16 | 回复：0
CVE-2020-19860

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：8 | 回复：0
CVE-2022-0319

Out-of-bounds Read in vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：20 | 回复：0
CVE-2020-19861

When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rd ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：16 | 回复：0
CVE-2021-35003

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exp ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：15 | 回复：0
CVE-2021-35004

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not r ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：15 | 回复：0
CVE-2021-40855

The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：16 | 回复：0
CVE-2021-46198

An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：15 | 回复：0
CVE-2021-46200

An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：21 | 回复：0