
CVE Vulnerabilities

  • CVE-2022-0015
    A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impa ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 46 | Replies: 0
  • CVE-2021-35500
    The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 160 | Replies: 0
  • CVE-2021-36417
    A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 63 | Replies: 0
  • CVE-2021-42560
    An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded SVG parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be levera ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 39 | Replies: 0
  • CVE-2021-42561
    An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python os.system function. This allows attackers to use shell metacharacters (e.g. ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 35 | Replies: 0
  • CVE-2021-42562
    An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should on ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 48 | Replies: 0
  • CVE-2021-43960
    ** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. T ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 26 | Replies: 0
  • CVE-2022-21675
    Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA Zip Slip). The vulnerabili ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 25 | Replies: 0
  • CVE-2022-21676
    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on th ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 29 | Replies: 0
  • CVE-2021-41597
    SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 26 | Replies: 0
  • CVE-2021-42558
    An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 20 | Replies: 0
  • CVE-2021-42559
    An issue was discovered in CALDERA 2.8.1. It contains multiple startup requirements that execute commands when starting the server. Because these commands can be changed via the REST API, an authentic ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 13 | Replies: 0
  • CVE-2021-45449
    Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Des ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2021-46225
    A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 16 | Replies: 0
  • CVE-2022-20612
    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 10 | Replies: 0
  • CVE-2022-20613
    A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specifie ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 13 | Replies: 0
  • CVE-2022-20614
    A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specif ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 13 | Replies: 0
  • CVE-2022-20615
    Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability explo ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 12 | Replies: 0
  • CVE-2022-20616
    Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credentia ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 18 | Replies: 0
  • CVE-2022-20617
    Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permissi ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 18 | Replies: 0
  • CVE-2022-20618
    A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenki ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-20619
    A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specif ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-20620
    Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2022-20621
    Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins contro ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2022-23105
    Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2022-23106
    Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a val ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 16 | Replies: 0
  • CVE-2022-23107
    Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2022-23108
    Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability expl ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2022-23109
    Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-23111
    A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentia ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-23112
    A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credent ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 18 | Replies: 0
  • CVE-2022-23113
    Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Ite ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-23114
    Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins contr ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 26 | Replies: 0
  • CVE-2022-23115
    Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 16 | Replies: 0
  • CVE-2022-23116
    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 19 | Replies: 0
  • CVE-2022-23117
    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins contr ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2022-23118
    Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers ab ...
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 17 | Replies: 0
  • CVE-2021-37529
    A double-free vulnerability exists in fig2dev through 3.28a via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2021-37530
    A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 15 | Replies: 0
  • CVE-2021-40559
    A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service.
    Author: 菜鸟教程小白 | Time: 2022-6-22 22:02 | Views: 14 | Replies: 0
