CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-28711

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-28712

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-28713

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2021-38918

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2021-43779

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtim ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been p ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2021-45830

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-45831

A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：15 | 回复：0
CVE-2022-21651

Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：16 | 回复：0
CVE-2022-21652

Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：17 | 回复：0
CVE-2021-45832

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：25 | 回复：0
CVE-2021-45833

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：16 | 回复：0
CVE-2022-21653

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collisio ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：15 | 回复：0
CVE-2020-5956

An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：21 | 回复：0
CVE-2021-45969

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exist ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：21 | 回复：0
CVE-2021-45970

An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：22 | 回复：0
CVE-2021-46038

A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：23 | 回复：0
CVE-2020-23986

Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：22 | 回复：0
CVE-2020-27428

A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：24 | 回复：0
CVE-2021-41842

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：26 | 回复：0
CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exi ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：42 | 回复：0
CVE-2021-43947

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email T ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：28 | 回复：0
CVE-2022-0121

hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：32 | 回复：0
CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：53 | 回复：0
CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：105 | 回复：0
CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：64 | 回复：0
CVE-2021-46144

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：64 | 回复：0
CVE-2022-0122

forge is vulnerable to URL Redirection to Untrusted Site……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：47 | 回复：0
CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the co ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：65 | 回复：0
CVE-2021-46145

The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：54 | 回复：0
CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of s ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：59 | 回复：0
CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：31 | 回复：0
CVE-2021-36738

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbe ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：51 | 回复：0
CVE-2021-36739

The first name and last name fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：34 | 回复：0
CVE-2021-44351

An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：38 | 回复：0
CVE-2021-44564

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：33 | 回复：0
CVE-2021-27738

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated use ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：22 | 回复：0
CVE-2021-31522

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：40 | 回复：0
CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：28 | 回复：0