漏洞 - 第132页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-0855

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-27757

Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleart ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-26318

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-23233

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distributio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-23232

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user account ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-3575

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：77 | 回复：0
CVE漏洞

CVE-2021-3428

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：129 | 回复：0
CVE漏洞

CVE-2021-20303

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an ou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：86 | 回复：0
CVE漏洞

CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exce ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-20300

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-25623

The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-24727

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-23915. Reason: This candidate is a reservation duplicate of CVE-2022-23915. Notes: All CVE users should reference CVE-2022-23915 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-21828

A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-26336

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchan ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-23729

When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：78 | 回复：0
CVE漏洞

CVE-2022-22946

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-46382

Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：82 | 回复：0
CVE漏洞

CVE-2021-46381

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading and .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：116 | 回复：0
CVE漏洞

CVE-2021-46380

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: This is a duplicate to CVE-2022-22511 Notes:……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：102 | 回复：0
CVE漏洞

CVE-2021-46379

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：158 | 回复：0
CVE漏洞

CVE-2021-3744

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：142 | 回复：0
CVE漏洞

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leadin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：182 | 回复：0
CVE漏洞

CVE-2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：143 | 回复：0
CVE漏洞

CVE-2022-23397

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：117 | 回复：0
CVE漏洞

CVE-2022-0839

Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：101 | 回复：0
CVE漏洞

CVE-2021-46378

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE漏洞

CVE-2020-18327

Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：95 | 回复：0
CVE漏洞

CVE-2020-18326

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authori ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：92 | 回复：0
CVE漏洞

CVE-2020-18325

Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：88 | 回复：0
CVE漏洞

CVE-2020-18324

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：140 | 回复：0
CVE漏洞

CVE-2022-26201

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：198 | 回复：0
CVE漏洞

CVE-2022-0832

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：111 | 回复：0
CVE漏洞

CVE-2022-0831

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：101 | 回复：0
CVE漏洞

CVE-2021-46394

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-46393

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-44321

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the applicatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-43393

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0