CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46019

An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：16 | 回复：0
CVE-2021-46020

An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：20 | 回复：0
CVE-2021-46021

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：23 | 回复：0
CVE-2021-46022

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：18 | 回复：0
CVE-2021-46195

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：17 | 回复：0
CVE-2022-0130

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：19 | 回复：0
CVE-2022-21137

Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：22 | 回复：0
CVE-2022-22290

Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：33 | 回复：0
CVE-2022-22529

SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：25 | 回复：0
CVE-2022-22530

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：16 | 回复：0
CVE-2022-22531

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：28 | 回复：0
CVE-2021-46168

Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：15 | 回复：0
CVE-2021-46169

Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：17 | 回复：0
CVE-2021-46170

An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：14 | 回复：0
CVE-2021-46171

Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：17 | 回复：0
CVE-2021-24044

By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：18 | 回复：0
CVE-2022-23094

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：24 | 回复：0
CVE-2021-33963

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：10 | 回复：0
CVE-2021-44049

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：10 | 回复：0
CVE-2022-23095

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：13 | 回复：0
CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are va ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：47 | 回复：0
CVE-2020-28919

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：10 | 回复：0
CVE-2021-32545

Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：9 | 回复：0
CVE-2021-33498

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：9 | 回复：0
CVE-2021-33499

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：4 | 回复：0
CVE-2021-35969

Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：6 | 回复：0
CVE-2021-42555

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：10 | 回复：0
CVE-2021-33827

The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：8 | 回复：0
CVE-2021-33828

The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detecti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：13 | 回复：0
CVE-2021-44537

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：9 | 回复：0
CVE-2022-0238

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：6 | 回复：0
CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：5 | 回复：0
CVE-2021-4170

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：11 | 回复：0
CVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inco ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：7 | 回复：0
CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：8 | 回复：0
CVE-2022-0239

corenlp is vulnerable to Improper Restriction of XML External Entity Reference……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：10 | 回复：0
CVE-2021-4171

calibre-web is vulnerable to Business Logic Errors……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：8 | 回复：0
CVE-2022-0131

Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：26 | 回复：0
CVE-2022-0180

Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：16 | 回复：0
CVE-2022-0181

Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：5 | 回复：0