CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：53 | 回复：0
CVE-2021-43588

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：54 | 回复：0
CVE-2021-43589

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：71 | 回复：0
CVE-2021-45222

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：53 | 回复：0
CVE-2021-45223

An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：59 | 回复：0
CVE-2021-45224

An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cau ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：54 | 回复：0
CVE-2021-45225

An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search wind ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：40 | 回复：0
CVE-2021-45226

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：36 | 回复：0
CVE-2021-46451

An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：40 | 回复：0
CVE-2022-21710

ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：41 | 回复：0
CVE-2022-21711

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：43 | 回复：0
CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：59 | 回复：0
CVE-2022-22554

Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：56 | 回复：0
CVE-2022-0177

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：41 | 回复：0
CVE-2021-43394

Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：59 | 回复：0
CVE-2021-44988

Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：45 | 回复：0
CVE-2021-44992

There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：46 | 回复：0
CVE-2021-44993

There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：48 | 回复：0
CVE-2021-44994

There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：31 | 回复：0
CVE-2021-46474

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：32 | 回复：0
CVE-2021-46475

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：28 | 回复：0
CVE-2021-46477

Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：29 | 回复：0
CVE-2021-46478

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：45 | 回复：0
CVE-2021-46480

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：34 | 回复：0
CVE-2021-46481

Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：31 | 回复：0
CVE-2021-46482

Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：32 | 回复：0
CVE-2021-46483

Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：37 | 回复：0
CVE-2022-23935

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：37 | 回复：0
CVE-2022-0338

Improper Privilege Management in Conda loguru prior to 0.5.3.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：40 | 回复：0
CVE-2022-0268

Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：37 | 回复：0
CVE-2021-45340

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：34 | 回复：0
CVE-2021-45341

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：35 | 回复：0
CVE-2021-45029

Groovy Code Injection SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：61 | 回复：0
CVE-2021-45342

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：45 | 回复：0
CVE-2021-45343

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：43 | 回复：0
CVE-2021-45802

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：35 | 回复：0
CVE-2021-45803

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：46 | 回复：0
CVE-2021-45844

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：39 | 回复：0
CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：45 | 回复：0
CVE-2021-46113

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：45 | 回复：0