漏洞 - 第376页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-0173

radare2 is vulnerable to Out-of-bounds Read……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-0129

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-38991

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-29701

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build defini ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE漏洞

CVE-2022-0170

peertube is vulnerable to Improper Access Control……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-43566

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the sha ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-28103

cscms v4.1 allows for SQL injection via the page_del function.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-28102

cscms v4.1 allows for SQL injection via the js_del function.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：8 | 回复：0
CVE漏洞

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this li ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE漏洞

CVE-2022-21669

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-45460

A vulnerability has been identified in SICAM PQ Analyzer (All versions V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-45034

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions V16.20), CP-8021 MASTER MODULE (All ve ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions V16.20), CP-8021 MASTER MODULE (All ve ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-41769

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions V8.83), SIPROTEC 5 6MD89 devices ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-37198

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.4 (All versions V10 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-37197

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.4 (All versions V10 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-37196

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.3 (All versions = V1 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-37195

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions V10.3.3.3 only if web components are used), COMOS V10.4 (All versions V10 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-0144

shelljs is vulnerable to Improper Privilege Management……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-36414

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-36412

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-36411

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability caus ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-36410

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the ap ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-36408

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-35452

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-25427

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-21672

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12 ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a special ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-21666

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-0155

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-0174

dolibarr is vulnerable to Business Logic Errors……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-28679

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-22120

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-22117

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0