CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-24042

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-41236

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to cr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-41610

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-27339. Reason: This candidate is a reservation duplicate of CVE-2020-27339. Notes: All CVE users should reference CVE-2020-27339 ins ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-43677

Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-43832

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation execution. This lets an arbitrary user with access to the gate end ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vul ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototy ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used dire ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary obj ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21648

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injecti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21649

Convos is an open source multi-user chat that runs in a web browser. Characters starting with https:// in the chat window create an a tag. Stored XSS vulnerability using onfocus and autofocus occurs b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21650

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-22045

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45115

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-45116

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-45452

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-22567

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2020-15933

A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to ob ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-31589

A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, sp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-41043

Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-22111

In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, inc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-28711

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-28712

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-28713

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-38918

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-43779

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtim ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-45830

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-45831

A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21651

Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2022-21652

Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0