CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43290

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename bu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE-2021-43633

Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：36 | 回复：0
CVE-2022-26507

** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in ATT Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE-2022-27444

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE-2022-27445

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：29 | 回复：0
CVE-2022-27446

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE-2022-27447

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：31 | 回复：0
CVE-2022-27448

There is an Assertion failure in MariaDB Server v10.9 and below via 'node-pcur-rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE-2022-27449

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE-2022-27451

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE-2022-27452

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：19 | 回复：0
CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE-2022-27456

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：23 | 回复：0
CVE-2022-27458

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE-2021-45227

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：32 | 回复：0
CVE-2021-45228

An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：31 | 回复：0
CVE-2022-1256

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file action ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE-2022-1257

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：29 | 回复：0
CVE-2022-1258

A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：32 | 回复：0
CVE-2022-27007

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：53 | 回复：0
CVE-2022-27008

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：35 | 回复：0
CVE-2022-22181

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim' ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：38 | 回复：0
CVE-2022-22182

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：36 | 回复：0
CVE-2022-22183

An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected rel ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：53 | 回复：0
CVE-2022-22185

A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：107 | 回复：0
CVE-2022-22186

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：113 | 回复：0
CVE-2022-22187

An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repai ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：80 | 回复：0
CVE-2022-22188

An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：88 | 回复：0
CVE-2022-22189

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：58 | 回复：0
CVE-2022-22190

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potential ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：68 | 回复：0
CVE-2022-22191

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unaut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：58 | 回复：0
CVE-2022-22193

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：46 | 回复：0
CVE-2022-22194

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE-2022-22195

An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：37 | 回复：0
CVE-2022-22196

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacke ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：46 | 回复：0
CVE-2022-22197

An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：48 | 回复：0
CVE-2022-22198

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：60 | 回复：0
CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：74 | 回复：0
CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：68 | 回复：0