CVE Vulnerabilities

  • CVE-2022-23132
    During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute pe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 7 | Replies: 0
  • CVE-2022-23133
    An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 6 | Replies: 0
  • CVE-2022-23134
    After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 10 | Replies: 0
  • CVE-2022-22122
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of . Notes: All CVE users should reference instead of this candidate. All references ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2022-22123
    In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2022-22124
    In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigg ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2022-22125
    In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will exec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2021-39056
    The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2021-40567
    Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2021-40568
    A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code ex ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2021-40569
    The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del function in box_code_meta.c, which allows attackers to cause a denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 12 | Replies: 0
  • CVE-2021-40570
    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 12 | Replies: 0
  • CVE-2021-40571
    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalati ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 15 | Replies: 0
  • CVE-2021-40813
    A cross-site scripting (XSS) vulnerability in the Zip content feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 14 | Replies: 0
  • CVE-2022-21678
    Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the b ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 17 | Replies: 0
  • CVE-2021-40572
    The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 13 | Replies: 0
  • CVE-2021-40573
    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 21 | Replies: 0
  • CVE-2021-40574
    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escal ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 15 | Replies: 0
  • CVE-2021-40575
    The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerabil ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 19 | Replies: 0
  • CVE-2021-40576
    The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 24 | Replies: 0
  • CVE-2021-45422
    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process count parameter via GET. No authentication is required.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 26 | Replies: 0
  • CVE-2021-45807
    jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 32 | Replies: 0
  • CVE-2021-23227
    Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (= 2.0.2).……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 29 | Replies: 0
  • CVE-2021-33046
    Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 31 | Replies: 0
  • CVE-2021-40722
    AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 20 | Replies: 0
  • CVE-2021-43761
    AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 20 | Replies: 0
  • CVE-2021-43762
    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 18 | Replies: 0
  • CVE-2021-43764
    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 13 | Replies: 0
  • CVE-2021-43765
    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 17 | Replies: 0
  • CVE-2021-44176
    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 16 | Replies: 0
  • CVE-2021-44177
    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 16 | Replies: 0
  • CVE-2021-44178
    AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is abl ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 17 | Replies: 0
  • CVE-2021-45053
    Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 14 | Replies: 0
  • CVE-2021-45054
    Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 13 | Replies: 0
  • CVE-2021-45055
    Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 12 | Replies: 0
  • CVE-2021-45056
    Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 13 | Replies: 0
  • CVE-2021-45057
    Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 13 | Replies: 0
  • CVE-2021-45058
    Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 11 | Replies: 0
  • CVE-2021-45059
    Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could levera ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 15 | Replies: 0
  • CVE-2022-21682
    Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:03 | Views: 13 | Replies: 0
