CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22688

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：88 | 回复：0
CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：104 | 回复：0
CVE-2021-44751

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：136 | 回复：0
CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：248 | 回复：0
CVE-2022-1064

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：145 | 回复：0
CVE-2022-27227

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：120 | 回复：0
CVE-2020-21554

A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：158 | 回复：0
CVE-2021-43090

An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：84 | 回复：0
CVE-2021-46426

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：73 | 回复：0
CVE-2022-25574

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：64 | 回复：0
CVE-2021-43091

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：61 | 回复：0
CVE-2022-24777

grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachabl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：66 | 回复：0
CVE-2022-25582

A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：74 | 回复：0
CVE-2022-26263

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：57 | 回复：0
CVE-2021-43636

Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：64 | 回复：0
CVE-2022-24778

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：66 | 回复：0
CVE-2022-27881

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：67 | 回复：0
CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：62 | 回复：0
CVE-2021-20290

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：78 | 回复：0
CVE-2021-20323

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：67 | 回复：0
CVE-2021-22100

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：122 | 回复：0
CVE-2021-26620

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：57 | 回复：0
CVE-2021-26621

An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter va ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：58 | 回复：0
CVE-2021-26622

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：53 | 回复：0
CVE-2021-35254

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：48 | 回复：0
CVE-2021-3422

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：49 | 回复：0
CVE-2021-3567

A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE-2021-3582

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a PVRDMA_CMD_CREATE_MR command due to improper memory remapping (mremap). This flaw ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE-2021-3814

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorize ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE-2021-3933

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：49 | 回复：0
CVE-2021-3941

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` bu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：64 | 回复：0
CVE-2021-44462

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：40 | 回复：0
CVE-2021-44477

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0
CVE-2021-44768

Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE-2021-4147

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：40 | 回复：0
CVE-2021-4157

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：33 | 回复：0
CVE-2021-4202

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：50 | 回复：0
CVE-2021-4203

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2022-0322

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：46 | 回复：0