漏洞 - 第133页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-23328

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a vi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE漏洞

CVE-2022-23327

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：72 | 回复：0
CVE漏洞

CVE-2022-0752

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：87 | 回复：0
CVE漏洞

CVE-2022-0848

OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：112 | 回复：0
CVE漏洞

CVE-2022-0838

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：102 | 回复：0
CVE漏洞

CVE-2022-0730

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：101 | 回复：0
CVE漏洞

CVE-2021-3640

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-26948

Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：86 | 回复：0
CVE漏洞

CVE-2021-26259

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：111 | 回复：0
CVE漏洞

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：122 | 回复：0
CVE漏洞

CVE-2022-24725

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：242 | 回复：0
CVE漏洞

CVE-2022-23710

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：125 | 回复：0
CVE漏洞

CVE-2022-23709

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：123 | 回复：0
CVE漏洞

CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-23052

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：111 | 回复：0
CVE漏洞

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：118 | 回复：0
CVE漏洞

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：122 | 回复：0
CVE漏洞

CVE-2022-22943

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：154 | 回复：0
CVE漏洞

CVE-2022-0265

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：142 | 回复：0
CVE漏洞

CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：145 | 回复：0
CVE漏洞

CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：172 | 回复：0
CVE漏洞

CVE-2021-38578

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：135 | 回复：0
CVE漏洞

CVE-2021-38577

Heap Overflow in BaseBmpSupportLib.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：209 | 回复：0
CVE漏洞

CVE-2021-22695

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：120 | 回复：0
CVE漏洞

CVE-2021-22694

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：91 | 回复：0
CVE漏洞

CVE-2021-22693

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：77 | 回复：0
CVE漏洞

CVE-2021-22692

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-22691

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-22690

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：80 | 回复：0
CVE漏洞

CVE-2021-22689

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-22688

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：88 | 回复：0
CVE漏洞

CVE-2021-22687

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-22686

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patch ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the pee ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing ` ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：69 | 回复：0
CVE漏洞

CVE-2022-25125

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：82 | 回复：0
CVE漏洞

CVE-2022-23899

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：90 | 回复：0