CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24223

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：205 | 回复：0
CVE-2022-24196

iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：421 | 回复：0
CVE-2022-24197

iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：217 | 回复：0
CVE-2022-24198

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：187 | 回复：0
CVE-2021-42638

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：186 | 回复：0
CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：176 | 回复：0
CVE-2022-24301

In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：180 | 回复：0
CVE-2021-36177

An improper access control vulnerability in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：175 | 回复：0
CVE-2021-41016

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：172 | 回复：0
CVE-2021-42753

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：175 | 回复：0
CVE-2021-43062

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：182 | 回复：0
CVE-2021-43073

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：205 | 回复：0
CVE-2020-26208

JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：180 | 回复：0
CVE-2021-24043

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：179 | 回复：0
CVE-2021-36193

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：170 | 回复：0
CVE-2021-39044

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：170 | 回复：0
CVE-2021-39066

IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：166 | 回复：0
CVE-2021-39070

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：177 | 回复：0
CVE-2021-41018

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthori ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：195 | 回复：0
CVE-2022-0366

An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：204 | 回复：0
CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：175 | 回复：0
CVE-2022-21817

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire acces ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：168 | 回复：0
CVE-2022-22509

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：176 | 回复：0
CVE-2022-22510

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：190 | 回复：0
CVE-2021-42633

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：209 | 回复：0
CVE-2021-42637

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：184 | 回复：0
CVE-2021-42639

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：192 | 回复：0
CVE-2021-42640

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：193 | 回复：0
CVE-2021-42641

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：193 | 回复：0
CVE-2021-42642

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：167 | 回复：0
CVE-2021-39021

IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：175 | 回复：0
CVE-2022-0443

Use After Free in Conda vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：168 | 回复：0
CVE-2022-0432

Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：178 | 回复：0
CVE-2021-43522

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：163 | 回复：0
CVE-2022-24069

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 08:40 | 阅读：172 | 回复：0
CVE-2019-0203Apache Subversion svnserve servers 代码问题漏洞-CVE漏洞库

Apache Subversion是美国阿帕奇（Apache）软件基金会的一套开源的版本控制系统。该系统可兼容并发版本系统(CVS)。svnserve servers是其中的一个轻量级的独立服务器。Apache Subversion svnserve servers中存在代码问 ...……

作者：菜鸟教程小白 | 时间：2022-2-4 19:14 | 阅读：193 | 回复：0
CVE-2019-0202Apache Storm 信息泄露漏洞-CVE漏洞库

Apache Storm是美国阿帕奇（Apache）软件基金会的一套采用Clojure（并发编程语言）开发的开源分布式实时计算系统。Apache Storm 0.9.1-incubating版本至1.2.2版本中存在日志信息泄露漏洞。该漏洞源于网络系统或产品 ...……

作者：菜鸟教程小白 | 时间：2022-2-4 19:14 | 阅读：201 | 回复：0
CVE-2019-0201Apache Zookeeper 授权问题漏洞-CVE漏洞库

Apache Zookeeper是美国阿帕奇（Apache）软件基金会的一个软件项目，它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。Apache ZooKeeper 1.0.0版本至3.4.13版本和3.5.0-alpha版本至3.5.4 ...……

作者：菜鸟教程小白 | 时间：2022-2-4 19:14 | 阅读：219 | 回复：0
CVE-2019-0200Apache Qpid Broker-J 安全漏洞-CVE漏洞库

Apache Qpid是美国阿帕奇（Apache）软件基金会的一款面向对象的消息中间件。该产品是一个AMQP（高级消息队列协议）的实现，可以和符合AMQP协议的系统进行通信，并提供了C++、Python、Java、C#等编程语言的客户端库。 ...……

作者：菜鸟教程小白 | 时间：2022-2-4 19:14 | 阅读：198 | 回复：0
CVE-2019-0199Apache Tomcat 安全漏洞-CVE漏洞库

Apache Tomcat是美国阿帕奇（Apache）软件基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page（JSP）的支持。Apache Tomcat中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。The HTTP/2 imp ...……

作者：菜鸟教程小白 | 时间：2022-2-4 19:14 | 阅读：215 | 回复：0