CVE Vulnerabilities

  • CVE-2022-0487
    A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 152 | Replies: 0
  • CVE-2022-0498
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 162 | Replies: 0
  • CVE-2022-22150
    A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly h ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 149 | Replies: 0
  • CVE-2022-22689
    CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileg ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 152 | Replies: 0
  • CVE-2022-22722
    A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active contro ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 149 | Replies: 0
  • CVE-2022-22723
    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 153 | Replies: 0
  • CVE-2022-22724
    A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 165 | Replies: 0
  • CVE-2022-22725
    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 191 | Replies: 0
  • CVE-2022-22726
    A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected P ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 195 | Replies: 0
  • CVE-2022-22727
    A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 261 | Replies: 0
  • CVE-2022-22804
    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 248 | Replies: 0
  • CVE-2022-22939
    VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access o ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 252 | Replies: 0
  • CVE-2022-22987
    The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 245 | Replies: 0
  • CVE-2022-23379
    Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 285 | Replies: 0
  • CVE-2022-23557
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_s ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 248 | Replies: 0
  • CVE-2022-23558
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 227 | Replies: 0
  • CVE-2022-23559
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_siz ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 223 | Replies: 0
  • CVE-2022-23560
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 230 | Replies: 0
  • CVE-2022-23561
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 238 | Replies: 0
  • CVE-2022-23562
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large alloc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 226 | Replies: 0
  • CVE-2022-23563
    Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and librarie ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:41 | Views: 236 | Replies: 0
  • CVE-2021-3534
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-34981. Reason: This candidate is a reservation duplicate of CVE-2021-34981. Notes: All CVE users should reference CVE-2021-34981 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 105 | Replies: 0
  • CVE-2022-23774
    Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 100 | Replies: 0
  • CVE-2020-8562
    As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Servic ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 99 | Replies: 0
  • CVE-2022-0419
    NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 6.0.0.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 97 | Replies: 0
  • CVE-2022-23602
    Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 105 | Replies: 0
  • CVE-2022-23603
    iTunesRPC-Remastered is a discord rich presence application for use with iTunes Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 101 | Replies: 0
  • CVE-2022-23607
    treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cook ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 106 | Replies: 0
  • CVE-2021-41040
    In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 106 | Replies: 0
  • CVE-2021-43859
    XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 99 | Replies: 0
  • CVE-2022-21687
    gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or tri ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 108 | Replies: 0
  • CVE-2022-23596
    Junrar is an open source java RAR archive library. In affected versions, a carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 110 | Replies: 0
  • CVE-2022-23597
    Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 98 | Replies: 0
  • CVE-2021-24648
    The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 108 | Replies: 0
  • CVE-2021-24686
    The SVG Support WordPress plugin before 2.3.20 does not escape the CSS Class to target setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Script ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 110 | Replies: 0
  • CVE-2021-24707
    The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 109 | Replies: 0
  • CVE-2021-24761
    The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 113 | Replies: 0
  • CVE-2021-24762
    The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 104 | Replies: 0
  • CVE-2021-24763
    The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify se ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 116 | Replies: 0
  • CVE-2021-24764
    The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters of single_statistics page, type and message of importexport page) before outputting th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 08:40 | Views: 121 | Replies: 0
