CVE Vulnerabilities

  • CVE-2022-31093
    NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` qu ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:43 | Views: 53 | Replies: 0
  • CVE-2022-31081
    HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison inter ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 72 | Replies: 0
  • CVE-2022-31082
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle invent ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 51 | Replies: 0
  • CVE-2022-31084
    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates object ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 51 | Replies: 0
  • CVE-2022-31085
    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 49 | Replies: 0
  • CVE-2022-31086
    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 49 | Replies: 0
  • CVE-2022-31087
    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /la ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 60 | Replies: 0
  • CVE-2022-31088
    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 55 | Replies: 0
  • CVE-2022-31089
    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can cr ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:42 | Views: 61 | Replies: 0
  • CVE-2022-31039
    Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 64 | Replies: 0
  • CVE-2022-31057
    Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrad ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 51 | Replies: 0
  • CVE-2022-31064
    BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the at ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 64 | Replies: 0
  • CVE-2022-31065
    BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 50 | Replies: 0
  • CVE-2022-31076
    KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 55 | Replies: 0
  • CVE-2021-40942
    In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DoS).
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 60 | Replies: 0
  • CVE-2022-31077
    KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:41 | Views: 52 | Replies: 0
  • CVE-2022-28172
    The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 47 | Replies: 0
  • CVE-2017-20098
    A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 39 | Replies: 0
  • CVE-2017-20099
    A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The att ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 46 | Replies: 0
  • CVE-2022-28622
    A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 49 | Replies: 0
  • CVE-2022-2221
    Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Dev ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 51 | Replies: 0
  • CVE-2022-31034
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the A ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 47 | Replies: 0
  • CVE-2022-31035
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to i ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 52 | Replies: 0
  • CVE-2022-31036
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with reposito ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:40 | Views: 72 | Replies: 0
  • CVE-2022-2140
    Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 42 | Replies: 0
  • CVE-2021-40941
    In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_ArrayAP4_TrunAtom::Entry::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 47 | Replies: 0
  • CVE-2022-26477
    The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 52 | Replies: 0
  • CVE-2022-28166
    In Brocade SANnav version before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 18082 ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 42 | Replies: 0
  • CVE-2022-28167
    Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 47 | Replies: 0
  • CVE-2022-28168
    In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to eas ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 41 | Replies: 0
  • CVE-2022-28171
    The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to exec ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:39 | Views: 44 | Replies: 0
  • CVE-2021-33650
    When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffe ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 35 | Replies: 0
  • CVE-2021-33651
    When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 36 | Replies: 0
  • CVE-2021-33652
    When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 37 | Replies: 0
  • CVE-2021-33653
    When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 48 | Replies: 0
  • CVE-2021-33654
    When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 45 | Replies: 0
  • CVE-2022-2088
    An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 44 | Replies: 0
  • CVE-2022-2106
    Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:38 | Views: 41 | Replies: 0
  • CVE-2013-2084
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2069. Reason: This candidate is a reservation duplicate of CVE-2013-2069. Notes: All CVE users should reference CVE-2013-2069 instea ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:37 | Views: 43 | Replies: 0
  • CVE-2013-2180
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:37 | Views: 44 | Replies: 0
