
Vulnerabilities

Subcategories:

  • CVE-2021-3941
    In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` bu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 65 | Replies: 0
  • CVE-2021-3933
    An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 50 | Replies: 0
  • CVE-2021-3814
    It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorize ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2021-3582
    A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a PVRDMA_CMD_CREATE_MR command due to improper memory remapping (mremap). This flaw ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 44 | Replies: 0
  • CVE-2021-3567
    A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2021-3422
    The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerab ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 50 | Replies: 0
  • CVE-2021-35254
    SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 49 | Replies: 0
  • CVE-2021-26622
    A remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 54 | Replies: 0
  • CVE-2021-26621
    A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter va ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 59 | Replies: 0
  • CVE-2021-26620
    An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerab ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 58 | Replies: 0
  • CVE-2021-22100
    In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is p ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 123 | Replies: 0
  • CVE-2021-20323
    A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 68 | Replies: 0
  • CVE-2021-20290
    An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 79 | Replies: 0
  • CVE-2022-27882
    slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 63 | Replies: 0
  • CVE-2022-27881
    engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge ca ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 68 | Replies: 0
  • CVE-2022-24778
    The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 67 | Replies: 0
  • CVE-2021-43636
    Two Buffer Overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 65 | Replies: 0
  • CVE-2022-26263
    Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 58 | Replies: 0
  • CVE-2022-25582
    A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 75 | Replies: 0
  • CVE-2022-25577
    ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 67 | Replies: 0
  • CVE-2022-24777
    grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachabl ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2021-43091
    An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 62 | Replies: 0
  • CVE-2022-25574
    A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 65 | Replies: 0
  • CVE-2021-46426
    phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 74 | Replies: 0
  • CVE-2021-43090
    An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 85 | Replies: 0
  • CVE-2020-21554
    A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 159 | Replies: 0
  • CVE-2022-27227
    In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 121 | Replies: 0
  • CVE-2022-1064
    SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 146 | Replies: 0
  • CVE-2022-1040
    An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 249 | Replies: 0
  • CVE-2021-44751
    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 137 | Replies: 0
  • CVE-2018-25032
    zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 105 | Replies: 0
  • CVE-2022-22688
    Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allow ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 89 | Replies: 0
  • CVE-2022-22687
    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote at ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 95 | Replies: 0
  • CVE-2022-25576
    Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2022-26301
    TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 34 | Replies: 0
  • CVE-2022-26279
    EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 42 | Replies: 0
  • CVE-2022-26272
    A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 38 | Replies: 0
  • CVE-2022-26249
    Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 47 | Replies: 0
  • CVE-2022-25575
    Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, passwo ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 40 | Replies: 0
  • CVE-2022-25571
    Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via uns ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 42 | Replies: 0
