CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-44584

Cross-site scripting (XSS) vulnerability in index.php in emlog version = pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：19 | 回复：0
CVE-2021-44878

If an OpenID Connect provider supports the none algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the idtoken ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：21 | 回复：0
CVE-2021-45456

Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：23 | 回复：0
CVE-2021-45457

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and pri ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：16 | 回复：0
CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：19 | 回复：0
CVE-2021-44590

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：20 | 回复：0
CVE-2021-44591

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：19 | 回复：0
CVE-2021-46076

Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：18 | 回复：0
CVE-2021-46080

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：17 | 回复：0
CVE-2021-45744

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：17 | 回复：0
CVE-2021-45745

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：15 | 回复：0
CVE-2021-46067

In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-46068

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-46069

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-46070

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2021-46071

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-46072

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：7 | 回复：0
CVE-2021-46073

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：5 | 回复：0
CVE-2021-46074

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：5 | 回复：0
CVE-2021-46075

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：5 | 回复：0
CVE-2021-46078

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：5 | 回复：0
CVE-2021-46079

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：5 | 回复：0
CVE-2022-0128

vim is vulnerable to Out-of-bounds Read……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：6 | 回复：0
CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：8 | 回复：0
CVE-2021-4194

bookstack is vulnerable to Improper Access Control……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-46039

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2021-46040

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-46041

A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2021-46042

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2021-42841

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2021-46043

A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2021-46044

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is pos ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：14 | 回复：0
CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening un ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for uni ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2021-25743

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2021-38674

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0