
Vulnerabilities


Subcategories:

  • CVE-2021-38435
    RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 do not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 22 | Replies: 0
  • CVE-2021-38433
    RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 27 | Replies: 0
  • CVE-2021-38429
    OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 19 | Replies: 0
  • CVE-2021-38427
    RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 20 | Replies: 0
  • CVE-2021-38425
    eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 15 | Replies: 0
  • CVE-2021-38423
    All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 17 | Replies: 0
  • CVE-2022-22434
    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 18 | Replies: 0
  • CVE-2022-22433
    IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulner ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 18 | Replies: 0
  • CVE-2022-22415
    A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center. IBM X-Force ID: 223029.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 16 | Replies: 0
  • CVE-2021-39020
    IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 15 | Replies: 0
  • CVE-2022-1516
    A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 15 | Replies: 0
  • CVE-2022-1464
    Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when the attachment is opened the XSS is executed. This bug allows executing any javas ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 14 | Replies: 0
  • CVE-2021-42183
    MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 12 | Replies: 0
  • CVE-2022-29340
    GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Se ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 9 | Replies: 0
  • CVE-2022-29339
    In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 13 | Replies: 0
  • CVE-2022-28471
    In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 13 | Replies: 0
  • CVE-2022-28462
    novel-plus 3.6.0 suffers from an arbitrary file reading vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 18 | Replies: 0
  • CVE-2022-28461
    mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 21 | Replies: 0
  • CVE-2021-42242
    A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 15 | Replies: 0
  • CVE-2022-29940
    In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 18 | Replies: 0
  • CVE-2022-29939
    In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 20 | Replies: 0
  • CVE-2022-29938
    In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 18 | Replies: 0
  • CVE-2022-1575
    Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 19 | Replies: 0
  • CVE-2022-1592
    Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 24 | Replies: 0
  • CVE-2022-1411
    Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web applicatio ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 24 | Replies: 0
  • CVE-2021-45783
    Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 22 | Replies: 0
  • CVE-2021-41739
    An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 20 | Replies: 0
  • CVE-2022-1590
    A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 23 | Replies: 0
  • CVE-2022-28890
    A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 23 | Replies: 0
  • CVE-2022-1588
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 22 | Replies: 0
  • CVE-2022-30292
    Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 23 | Replies: 0
  • CVE-2022-30288
    ** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the serve ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 24 | Replies: 0
  • CVE-2022-30284
    ** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 26 | Replies: 0
  • CVE-2022-29155
    In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur durin ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 26 | Replies: 0
  • CVE-2022-30241
    The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 28 | Replies: 0
  • CVE-2022-29943
    Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fix ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 28 | Replies: 0
  • CVE-2022-29942
    Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal net ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 34 | Replies: 0
  • CVE-2022-25786
    Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 42 | Replies: 0
  • CVE-2022-1584
    Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 47 | Replies: 0
  • CVE-2022-23724
    Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 36 | Replies: 0
