
Vulnerabilities

Subcategories:

  • CVE-2021-36738
    The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 51 | Replies: 0
  • CVE-2021-36737
    The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 31 | Replies: 0
  • CVE-2022-22707
    In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of s ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 60 | Replies: 0
  • CVE-2021-46145
    The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 54 | Replies: 0
  • CVE-2022-22704
    The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the co ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 65 | Replies: 0
  • CVE-2022-0122
    forge is vulnerable to URL Redirection to Untrusted Site……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 48 | Replies: 0
  • CVE-2021-46144
    Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 65 | Replies: 0
  • CVE-2021-46143
    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 65 | Replies: 0
  • CVE-2021-46142
    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 105 | Replies: 0
  • CVE-2021-46141
    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 53 | Replies: 0
  • CVE-2022-0121
    hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 32 | Replies: 0
  • CVE-2021-43947
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email T ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 28 | Replies: 0
  • CVE-2021-45971
    An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 43 | Replies: 0
  • CVE-2021-41842
    An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 26 | Replies: 0
  • CVE-2020-27428
    A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 25 | Replies: 0
  • CVE-2020-23986
    Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 23 | Replies: 0
  • CVE-2021-46038
    A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 24 | Replies: 0
  • CVE-2021-45970
    An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 22 | Replies: 0
  • CVE-2021-45969
    An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exist ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 22 | Replies: 0
  • CVE-2020-5956
    An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 22 | Replies: 0
  • CVE-2022-21653
    Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collisio ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 16 | Replies: 0
  • CVE-2021-45833
    A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 17 | Replies: 0
  • CVE-2021-45832
    A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 25 | Replies: 0
  • CVE-2022-21652
    Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 18 | Replies: 0
  • CVE-2022-21651
    Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the shopware router. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 16 | Replies: 0
  • CVE-2021-45831
    A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 16 | Replies: 0
  • CVE-2021-45830
    A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2022-21642
    Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been p ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 12 | Replies: 0
  • CVE-2021-43816
    containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtim ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2021-43779
    GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2021-38918
    IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 12 | Replies: 0
  • CVE-2021-28713
    Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2021-28712
    Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2021-28711
    Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. Running PV backend ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2022-22111
    In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, inc ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2022-22110
    In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 14 | Replies: 0
  • CVE-2022-22109
    In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 13 | Replies: 0
  • CVE-2022-22108
    In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 10 | Replies: 0
  • CVE-2022-22107
    In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 12 | Replies: 0
  • CVE-2021-41043
    Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.……
    Author: 菜鸟教程小白 | Time: 2022-6-22 21:59 | Views: 14 | Replies: 0
