CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-28471

In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：12 | 回复：0
CVE-2022-29339

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：13 | 回复：0
CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：9 | 回复：0
CVE-2021-42183

MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：12 | 回复：0
CVE-2022-1464

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javas ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：13 | 回复：0
CVE-2022-1516

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2021-39020

IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2022-22415

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-22433

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulner ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2022-22434

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2021-38423

All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2021-38425

eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2021-38427

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2021-38429

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2021-38433

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：27 | 回复：0
CVE-2021-38435

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2021-38439

All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：36 | 回复：0
CVE-2021-38441

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：46 | 回复：0
CVE-2021-38443

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：49 | 回复：0
CVE-2021-38445

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：57 | 回复：0
CVE-2021-38447

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：72 | 回复：0
CVE-2021-38487

RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：111 | 回复：0
CVE-2021-38693

A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：90 | 回复：0
CVE-2021-43547

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：52 | 回复：0
CVE-2021-44051

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：56 | 回复：0
CVE-2021-44052

An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：54 | 回复：0
CVE-2021-44053

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：37 | 回复：0
CVE-2021-44054

An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：30 | 回复：0
CVE-2021-44055

An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：31 | 回复：0
CVE-2021-44056

An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We h ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：64 | 回复：0
CVE-2021-44057

An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We h ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：46 | 回复：0
CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：26 | 回复：0
CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Conf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：26 | 回复：0
CVE-2022-1468

On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iCont ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：28 | 回复：0
CVE-2022-25946

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Applia ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：23 | 回复：0
CVE-2022-25990

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：23 | 回复：0
CVE-2022-26071

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-26130

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：40 | 回复：0
CVE-2022-26340

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：34 | 回复：0
CVE-2022-26370

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) applica ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：36 | 回复：0