CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45832

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45833

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-21653

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collisio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2020-5956

An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：7 | 回复：0
CVE-2021-45969

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exist ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45970

An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46038

A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2020-23986

Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2020-27428

A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-41842

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-43947

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-0121

hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46144

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-0122

forge is vulnerable to URL Redirection to Untrusted Site……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46145

The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-36738

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-36739

The first name and last name fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-44351

An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-44564

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-27738

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-31522

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-44584

Cross-site scripting (XSS) vulnerability in index.php in emlog version = pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-44878

Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with none algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45456

Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45457

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-44590

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-44591

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46076

Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46080

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-45744

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-45745

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0