CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-36347

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：58 | 回复：0
CVE-2021-36348

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：66 | 回复：0
CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：73 | 回复：0
CVE-2021-46559

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：73 | 回复：0
CVE-2021-46560

The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：78 | 回复：0
CVE-2022-0355

Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：63 | 回复：0
CVE-2019-25056

In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren't can identify the application version and defeat the Us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：62 | 回复：0
CVE-2022-23968

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a perman ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：58 | 回复：0
CVE-2022-21944

A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：64 | 回复：0
CVE-2022-0374

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：64 | 回复：0
CVE-2022-0375

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：48 | 回复：0
CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：48 | 回复：0
CVE-2022-0251

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：57 | 回复：0
CVE-2022-22932

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：54 | 回复：0
CVE-2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：59 | 回复：0
CVE-2021-44120

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：53 | 回复：0
CVE-2021-44122

SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：51 | 回复：0
CVE-2021-44123

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：46 | 回复：0
CVE-2022-0359

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：53 | 回复：0
CVE-2022-0203

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：77 | 回复：0
CVE-2022-0361

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：77 | 回复：0
CVE-2022-0362

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：67 | 回复：0
CVE-2021-22570

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting erro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：54 | 回复：0
CVE-2021-22600

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：76 | 回复：0
CVE-2021-45975

In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：55 | 回复：0
CVE-2021-43334

BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：62 | 回复：0
CVE-2021-44692

BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：57 | 回复：0
CVE-2021-46117

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：44 | 回复：0
CVE-2022-0378

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：69 | 回复：0
CVE-2022-0379

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：60 | 回复：0
CVE-2022-22851

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：59 | 回复：0
CVE-2021-46115

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：59 | 回复：0
CVE-2021-46116

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：62 | 回复：0
CVE-2021-46118

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：60 | 回复：0
CVE-2021-46383

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：69 | 回复：0
CVE-2021-46386

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：57 | 回复：0
CVE-2021-29838

IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：65 | 回复：0
CVE-2021-29845

IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：63 | 回复：0
CVE-2021-29846

IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：75 | 回复：0
CVE-2021-46561

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:08 | 阅读：74 | 回复：0