CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0015

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impa ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：45 | 回复：0
CVE-2021-35500

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：159 | 回复：0
CVE-2021-36417

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：62 | 回复：0
CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded SVG parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be levera ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：38 | 回复：0
CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python os.system function. This allows attackers to use shell metacharacters (e.g. ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：34 | 回复：0
CVE-2021-42562

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should on ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：47 | 回复：0
CVE-2021-43960

** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. T ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：25 | 回复：0
CVE-2022-21675

Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA Zip Slip). The vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：24 | 回复：0
CVE-2022-21676

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on th ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：28 | 回复：0
CVE-2021-41597

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：24 | 回复：0
CVE-2021-42558

An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：19 | 回复：0
CVE-2021-42559

An issue was discovered in CALDERA 2.8.1. It contains multiple startup requirements that execute commands when starting the server. Because these commands can be changed via the REST API, an authentic ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：12 | 回复：0
CVE-2021-45449

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Des ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2021-46225

A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：15 | 回复：0
CVE-2022-20612

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：9 | 回复：0
CVE-2022-20613

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specifie ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：12 | 回复：0
CVE-2022-20614

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specif ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：12 | 回复：0
CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability explo ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：11 | 回复：0
CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credentia ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：17 | 回复：0
CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permissi ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：17 | 回复：0
CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenki ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2022-20619

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specif ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2022-20620

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins contro ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2022-23105

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2022-23106

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a val ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：15 | 回复：0
CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2022-23108

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability expl ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2022-23111

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentia ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credent ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：17 | 回复：0
CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Ite ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2022-23114

Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins contr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：25 | 回复：0
CVE-2022-23115

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：15 | 回复：0
CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：18 | 回复：0
CVE-2022-23117

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins contr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers ab ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：16 | 回复：0
CVE-2021-37529

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2021-37530

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：14 | 回复：0
CVE-2021-40559

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：13 | 回复：0