CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：66 | 回复：0
CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：86 | 回复：0
CVE-2021-3658

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be dis ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：70 | 回复：0
CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not prope ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：73 | 回复：0
CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE-2021-3715

A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY befo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：126 | 回复：0
CVE-2021-3738

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：175 | 回复：0
CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：274 | 回复：0
CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：171 | 回复：0
CVE-2022-24722

VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone usi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：145 | 回复：0
CVE-2022-25114

Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：125 | 回复：0
CVE-2022-25115

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：136 | 回复：0
CVE-2022-25393

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：168 | 回复：0
CVE-2022-25394

Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：197 | 回复：0
CVE-2022-25395

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：170 | 回复：0
CVE-2022-25396

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：169 | 回复：0
CVE-2022-25398

Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：182 | 回复：0
CVE-2022-25399

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：133 | 回复：0
CVE-2022-26169

Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：155 | 回复：0
CVE-2022-26170

Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：229 | 回复：0
CVE-2022-26171

Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：186 | 回复：0
CVE-2021-38263

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：332 | 回复：0
CVE-2021-38264

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar sear ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：189 | 回复：0
CVE-2021-38265

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：209 | 回复：0
CVE-2021-38267

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：264 | 回复：0
CVE-2021-38269

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：192 | 回复：0
CVE-2021-44335

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：173 | 回复：0
CVE-2021-44343

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in /ok ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：152 | 回复：0
CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room mod ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：208 | 回复：0
CVE-2022-25089

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：134 | 回复：0
CVE-2022-25146

The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：115 | 回复：0
CVE-2022-25471

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：159 | 回复：0
CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themesview=options via the intro_title and intro_image parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：114 | 回复：0
CVE-2022-24573

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：135 | 回复：0
CVE-2021-42950

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：189 | 回复：0
CVE-2022-23849

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：138 | 回复：0
CVE-2022-0528

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：147 | 回复：0
CVE-2021-40635

OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：90 | 回复：0
CVE-2021-40636

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0