CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23223

The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：88 | 回复：0
CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：35 | 回复：0
CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：41 | 回复：0
CVE-2021-45846

A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a type attribute.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：28 | 回复：0
CVE-2021-45847

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：43 | 回复：0
CVE-2022-21697

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploy ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：47 | 回复：0
CVE-2022-23033

arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：48 | 回复：0
CVE-2022-23034

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can requ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：53 | 回复：0
CVE-2022-23035

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up afte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：52 | 回复：0
CVE-2021-3850

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：71 | 回复：0
CVE-2022-0274

Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：44 | 回复：0
CVE-2021-38789

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：36 | 回复：0
CVE-2022-0243

Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：48 | 回复：0
CVE-2022-22769

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO E ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：43 | 回复：0
CVE-2021-23225

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the new_username field during creation of a new user via Copy method at user_admin.ph ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：57 | 回复：0
CVE-2021-23842

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic betw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：41 | 回复：0
CVE-2021-23843

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：31 | 回复：0
CVE-2021-26247

As an unauthenticated remote user, visit http://CACTI_SERVER/auth_changepassword.php?ref=scriptalert(1)/script to successfully execute the JavaScript payload present in the ref URL parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：48 | 回复：0
CVE-2021-3816

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via Copy method at user_group_admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：39 | 回复：0
CVE-2021-44777

Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions = 5.2.6).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2022-23045

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the Site title parameter while updating the site settings. The Site title setting is injected in several l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：27 | 回复：0
CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the subnet parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：45 | 回复：0
CVE-2022-21679

Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：42 | 回复：0
CVE-2022-21699

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：28 | 回复：0
CVE-2022-21701

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：29 | 回复：0
CVE-2021-46025

A Cross SIte Scripting (XSS) vulnerability exists in OneBlog = 2.2.8. via the add function in the operation tab list in the background.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2021-46027

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：35 | 回复：0
CVE-2021-4143

Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：32 | 回复：0
CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：33 | 回复：0
CVE-2021-46028

In mblog = 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：32 | 回复：0
CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2022-0277

Improper Access Control in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：47 | 回复：0
CVE-2022-0278

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：42 | 回复：0
CVE-2021-3866

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：35 | 回复：0
CVE-2021-45230

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has can_create permissions on DAG Runs can create Dag Runs for dags that they don't have edit permissions for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：32 | 回复：0
CVE-2022-0281

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：38 | 回复：0
CVE-2022-22733

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：43 | 回复：0
CVE-2021-34600

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for authorization of users.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：35 | 回复：0
CVE-2022-0282

Code Injection in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：37 | 回复：0