CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46067

In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-46068

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46069

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46070

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46071

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46072

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46073

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-46074

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46075

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46078

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46079

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2022-0128

vim is vulnerable to Out-of-bounds Read……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-4194

bookstack is vulnerable to Improper Access Control……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46039

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46040

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46041

A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46042

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-42841

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2021-46043

A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-46044

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is pos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for uni ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-25743

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-38674

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2020-10137

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2020-9057

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerabl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2020-9058

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 versi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2020-9059

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 ve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2020-9060

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：5 | 回复：0
CVE-2020-9061

Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-20046

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the fir ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-22569

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0