
CVE Vulnerabilities

  • CVE-2021-3839
    A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:25 | Views: 556 | Replies: 0
  • CVE-2021-3905
    A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:25 | Views: 931 | Replies: 0
  • CVE-2022-24381
    All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sess ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 527 | Replies: 0
  • CVE-2022-25231
    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation excee ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 541 | Replies: 0
  • CVE-2022-25304
    All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total f ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 553 | Replies: 0
  • CVE-2022-25761
    The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 631 | Replies: 0
  • CVE-2022-2796
    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 658 | Replies: 0
  • CVE-2022-1989
    All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 531 | Replies: 0
  • CVE-2022-37199
    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:24 | Views: 528 | Replies: 0
  • CVE-2020-36274
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:23 | Views: 546 | Replies: 0
  • CVE-2020-36275
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:23 | Views: 497 | Replies: 0
  • CVE-2020-35992
    Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconf ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:23 | Views: 689 | Replies: 0
  • CVE-2022-21208
    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:23 | Views: 550 | Replies: 0
  • CVE-2022-35223
    EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserializatio ...……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:22 | Views: 1726 | Replies: 0
  • CVE-2020-36271
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:22 | Views: 1857 | Replies: 0
  • CVE-2020-36272
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:22 | Views: 759 | Replies: 0
  • CVE-2020-36273
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:22 | Views: 596 | Replies: 0
  • CVE-2021-3601
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store sh ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1823 | Replies: 0
  • CVE-2022-1799
    Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrad ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1491 | Replies: 0
  • CVE-2022-24912
    The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison f ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1523 | Replies: 0
  • CVE-2022-1277
    Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1285 | Replies: 0
  • CVE-2022-2576
    In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1023 | Replies: 0
  • CVE-2022-35643
    IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956.……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1178 | Replies: 0
  • CVE-2022-36123
    The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1157 | Replies: 0
  • CVE-2016-4981
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4982. Reason: This candidate is a duplicate of CVE-2016-4982. Notes: All CVE users should reference CVE-2016-4982 instead of this ca ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1099 | Replies: 0
  • CVE-2022-27873
    An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in th ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1531 | Replies: 0
  • CVE-2022-2577
    A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 990 | Replies: 0
  • CVE-2022-2578
    A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1080 | Replies: 0
  • CVE-2022-2579
    A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1323 | Replies: 0
  • CVE-2022-33881
    Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1214 | Replies: 0
  • CVE-2022-35629
    Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1541 | Replies: 0
  • CVE-2022-35630
    A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1400 | Replies: 0
  • CVE-2022-35631
    On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. Thi ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1431 | Replies: 0
  • CVE-2022-35632
    The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-sit ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1807 | Replies: 0
  • CVE-2022-23001
    When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance ca ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1384 | Replies: 0
  • CVE-2022-23002
    When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The r ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1291 | Replies: 0
  • CVE-2022-23003
    When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1982 | Replies: 0
  • CVE-2022-23004
    When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1435 | Replies: 0
  • CVE-2022-2414
    Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sendi ...……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1745 | Replies: 0
  • CVE-2022-36378
    Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin = 3.0 at WordPress.……
    Author: 菜鸟教程小白 | Time: 2022-8-12 22:21 | Views: 1408 | Replies: 0
