CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46234

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：35 | 回复：0
CVE-2021-46236

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：30 | 回复：0
CVE-2021-46237

An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：23 | 回复：0
CVE-2021-46238

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：28 | 回复：0
CVE-2021-46239

The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：24 | 回复：0
CVE-2021-46240

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：26 | 回复：0
CVE-2021-46242

HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：29 | 回复：0
CVE-2021-46243

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：22 | 回复：0
CVE-2021-46244

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：25 | 回复：0
CVE-2021-46311

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：26 | 回复：0
CVE-2021-46313

The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：37 | 回复：0
CVE-2022-22551

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim sess ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：39 | 回复：0
CVE-2022-22552

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：38 | 回复：0
CVE-2022-22553

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker coul ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：32 | 回复：0
CVE-2022-23837

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：33 | 回复：0
CVE-2021-39480

Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：42 | 回复：0
CVE-2022-21707

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：27 | 回复：0
CVE-2022-21708

graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with s ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：29 | 回复：0
CVE-2022-23363

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：33 | 回复：0
CVE-2022-23364

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：23 | 回复：0
CVE-2022-23365

HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：32 | 回复：0
CVE-2022-23366

HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：34 | 回复：0
CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication fo ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：30 | 回复：0
CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：34 | 回复：0
CVE-2021-4172

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：37 | 回复：0
CVE-2021-4103

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：37 | 回复：0
CVE-2022-23850

xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：39 | 回复：0
CVE-2021-45380

AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：51 | 回复：0
CVE-2021-46024

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the id parameter in cart_add.php, No login is required.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：48 | 回复：0
CVE-2021-26706

An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds t ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：49 | 回复：0
CVE-2021-30636

In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：61 | 回复：0
CVE-2021-39293

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exis ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：49 | 回复：0
CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：40 | 回复：0
CVE-2022-23855

An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and logi ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：40 | 回复：0
CVE-2022-23856

An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：49 | 回复：0
CVE-2022-23857

model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data f ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：50 | 回复：0
CVE-2022-23858

In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：53 | 回复：0
CVE-2021-24423

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leadi ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：63 | 回复：0
CVE-2021-24694

The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) color or css_class argument of sdm_d ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：91 | 回复：0
CVE-2021-24696

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log dis ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:09 | 阅读：90 | 回复：0