CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-32205

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTT ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：387 | 回复：0
CVE-2022-32206

curl 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in t ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：403 | 回复：0
CVE-2022-32207

When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In th ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：394 | 回复：0
CVE-2022-32208

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：368 | 回复：0
CVE-2022-32441

A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：394 | 回复：0
CVE-2014-0024

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：355 | 回复：0
CVE-2014-1926

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：348 | 回复：0
CVE-2014-2887

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：350 | 回复：0
CVE-2014-2895

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：341 | 回复：0
CVE-2014-3516

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：366 | 回复：0
CVE-2014-3588

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：337 | 回复：0
CVE-2015-5236

It was discovered that the IcedTea-Web used codebase attribute of the applet tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：374 | 回复：0
CVE-2021-46825

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：386 | 回复：0
CVE-2022-23744

Check Point Endpoint Security Client E83 through E86 before E86.50 does not protect against a specific registry modification, and thus allows a local administrator to disable endpoint protection.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：474 | 回复：0
CVE-2014-3644

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：372 | 回复：0
CVE-2014-3658

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：379 | 回复：0
CVE-2014-3705

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：373 | 回复：0
CVE-2014-3918

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：361 | 回复：0
CVE-2014-7854

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：403 | 回复：0
CVE-2014-8113

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：381 | 回复：0
CVE-2022-31121

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：451 | 回复：0
CVE-2022-31133

HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permiss ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：421 | 回复：0
CVE-2022-31135

Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：415 | 回复：0
CVE-2022-31136

Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scrip ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：415 | 回复：0
CVE-2015-5298

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps d ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：430 | 回复：0
CVE-2021-31645

An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：454 | 回复：0
CVE-2021-44791

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：485 | 回复：0
CVE-2022-28889

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：572 | 回复：0
CVE-2022-32054

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：469 | 回复：0
CVE-2022-32055

Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：460 | 回复：0
CVE-2022-32056

Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：486 | 回复：0
CVE-2022-32058

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：494 | 回复：0
CVE-2022-32449

TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQ ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：556 | 回复：0
CVE-2022-33098

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML vi ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：865 | 回复：0
CVE-2022-34592

Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a craft ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：696 | 回复：0
CVE-2022-33680

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：711 | 回复：0
CVE-2019-19152

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：711 | 回复：0
CVE-2019-19153

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：654 | 回复：0
CVE-2019-19154

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：645 | 回复：0
CVE-2019-19155

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：635 | 回复：0