漏洞 - 第187页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-22570

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-21830

A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-1159

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject control ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-1068

Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-1018

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-0922

The software does not perform any authentication for critical system functionality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：68 | 回复：0
CVE漏洞

CVE-2022-0741

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-0489

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：167 | 回复：0
CVE漏洞

CVE-2022-0425

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：143 | 回复：0
CVE漏洞

CVE-2022-0390

Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-0373

Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-3847

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into anot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-3461

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-39908

In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be ab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-33657

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this lib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-33024

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-33022

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-33020

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-33018

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-32976

Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-32974

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-32970

Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：94 | 回复：0
CVE漏洞

CVE-2021-32968

Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：108 | 回复：0
CVE漏洞

CVE-2021-32961

A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：100 | 回复：0
CVE漏洞

CVE-2021-32960

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-32957

A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the infor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-32953

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-32949

An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an exi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-32945

An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-32937

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-32933

An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-32503

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch fu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-28504

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-27501

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-27497

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-27223

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-26624

An local privilege escalation vulnerability due to a runasroot command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to runasroot co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-26623

A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit mal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to comp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：29 | 回复：0