CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46025

A Cross SIte Scripting (XSS) vulnerability exists in OneBlog = 2.2.8. via the add function in the operation tab list in the background.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：44 | 回复：0
CVE-2021-46027

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：50 | 回复：0
CVE-2021-4143

Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：59 | 回复：0
CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could ca ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：49 | 回复：0
CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：44 | 回复：0
CVE-2021-46028

In mblog = 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：83 | 回复：0
CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affec ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：51 | 回复：0
CVE-2022-0277

Improper Access Control in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：52 | 回复：0
CVE-2022-0278

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：71 | 回复：0
CVE-2021-3866

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：79 | 回复：0
CVE-2021-45230

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has can_create permissions on DAG Runs can create Dag Runs for dags that they don't have edit permissions for ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：111 | 回复：0
CVE-2022-0281

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：137 | 回复：0
CVE-2022-22733

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：111 | 回复：0
CVE-2021-34600

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total l ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：77 | 回复：0
CVE-2022-0282

Code Injection in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：39 | 回复：0
CVE-2022-22820

Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Window ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：48 | 回复：0
CVE-2021-32039

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to p ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：45 | 回复：0
CVE-2022-0285

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：31 | 回复：0
CVE-2021-44738

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：29 | 回复：0
CVE-2021-44734

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：33 | 回复：0
CVE-2021-44735

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：31 | 回复：0
CVE-2021-44736

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：23 | 回复：0
CVE-2021-44737

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：19 | 回复：0
CVE-2021-44829

Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：20 | 回复：0
CVE-2022-0219

Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-44091

A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：16 | 回复：0
CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_di ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-44090

An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：14 | 回复：0
CVE-2021-44092

An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-44244

An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-44245

An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2022-23119

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file sy ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：14 | 回复：0
CVE-2022-23120

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-29785

IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：14 | 回复：0
CVE-2021-46061

An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2020-23315

There is an ASSERTION (pFuncBody-GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：14 | 回复：0
CVE-2021-46322

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-46323

Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0
CVE-2021-46324

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：15 | 回复：0