CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a special ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：22 | 回复：0
CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：20 | 回复：0
CVE-2022-21672

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2020-25427

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE-2021-35452

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE-2021-36408

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：20 | 回复：0
CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the ap ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2021-36410

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0
CVE-2021-36411

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability caus ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE-2021-36412

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2021-36414

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：14 | 回复：0
CVE-2022-0144

shelljs is vulnerable to Improper Privilege Management……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：14 | 回复：0
CVE-2021-37195

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.4 (All versions V10 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2021-37196

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.3 (All versions = V1 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：22 | 回复：0
CVE-2021-37197

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.4 (All versions V10 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：23 | 回复：0
CVE-2021-37198

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.4 (All versions V10 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：20 | 回复：0
CVE-2021-41769

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions V8.83), SIPROTEC 5 6MD89 devices ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions V16.20), CP-8021 MASTER MODULE (All ve ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：13 | 回复：0
CVE-2021-45034

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions V16.20), CP-8021 MASTER MODULE (All ve ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：15 | 回复：0
CVE-2021-45460

A vulnerability has been identified in SICAM PQ Analyzer (All versions V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：9 | 回复：0
CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：8 | 回复：0
CVE-2022-21669

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this li ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE-2020-28102

cscms v4.1 allows for SQL injection via the js_del function.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：8 | 回复：0
CVE-2020-28103

cscms v4.1 allows for SQL injection via the page_del function.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：10 | 回复：0
CVE-2021-43566

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the sha ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：10 | 回复：0
CVE-2022-0170

peertube is vulnerable to Improper Access Control……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：10 | 回复：0
CVE-2021-29701

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build defini ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE-2021-38991

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2022-0129

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2022-0173

radare2 is vulnerable to Out-of-bounds Read……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-1573

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to t ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：5 | 回复：0
CVE-2021-34704

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to t ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43052

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability th ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43053

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability t ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43054

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43055

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web ro ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST bod ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：5 | 回复：0