有新的漏洞组件被发现啦,组件ID:Jboss
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization An attacker can use this vulnerability to gain server permissions.

所有版本的永优 PLM 都受到命令注入问题的影响。产品生命周期管理是一种战略管理方法。它应用一系列的企业应用系统来支持从楚格设计到产品生命周期结束的整个过程，以及跨组织的产品信息的协作创建、分发、应用和管理。默认情况下，Yonyou PLM 使用 jboss，你可以在没有授权的情况下访问管理控制背景。攻击者可以利用这个漏洞获得服务器权限。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.

DedeCMS v7.5 SP2通过‘ filename’、‘ mid’、‘ userid’和‘ templet’参数发现组件 makehtml _ homepage.php 中包含多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

发现 DedeCMS v7.5 SP2通过文件名、中间名、用户标识和模板参数包含了组件 sys admin/user/edit.php 中的多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.

发现 DedeCMS v7.5 SP2包含了组件文件 manage _ view.php 中的多个跨网站脚本漏洞，这些漏洞通过‘ filename’、‘ mid’、‘ userid’和‘ temapplet’参数进行管理。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

DedeCMS v7.5 SP2通过‘ filename’、‘ mid’、‘ userid’和‘ temapplet’参数在组件 mychannel edit.php 中发现了多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

DedeCMS v 7.5 SP2通过‘ activepath’、‘ keyword’、‘ tag’、‘ fmdo = x & filename’、‘ CKEditor’和‘ ckeditorfunc’参数被发现在组件 media _ main.php 中包含多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

DedeCMS v7.5 SP2被发现包含组件中的多个跨网站脚本(XSS)漏洞，通过‘ activepath’、‘ keyword’、‘ tag’、‘ fmdo = x & filename’、‘ CKEditor’和‘ CKEditorFuncNum’参数选择 media.php。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

DedeCMS v 7.5 SP2通过‘ activepath’、‘ keyword’、‘ tag’、‘ fmdo = x & filename’、‘ CKEditor’和‘ ckeditorfunc’参数在组件标签 main.php 中包含多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

DedeCMS v 7.5 SP2被发现在组件文件 manage _ view.php 中通过‘ activepath’、‘ keyword’、‘ tag’、‘ fmdo = x & filename’、‘ CKEditor’和‘ CKEditorFuncNum’参数包含多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.

DedeCMS v7.5 SP2通过‘ filename’、‘ mid’、‘ userid’和‘ temapplet’参数被发现包含组件 tpl.php 中的多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

DedeCMS v 7.5 SP2通过‘ activepath’、‘ keyword’、‘ tag’、‘ fmdo = x & filename’、‘ CKEditor’和‘ CKEditorFuncNum’参数在组件文件‘ pic _ view.php’中发现了多个跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:Apache
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

FreeRDP 是远程桌面协议(Remote Desktop Protocol，RDP)的一个免费实现，它是在 Apache 许可下发布的。在受影响的版本中，恶意服务器可能在连接的客户端中触发超出绑定范围的写操作。使用 GDI 或 SurfaceCommands 向客户端发送图形更新的连接可能会发送“0”宽/高或超出绑定矩形来触发超出绑定的写操作。如果是“0”宽或“0”高，内存分配将是“0”，但是缺少的边界检查允许在这个(未分配的)区域写入指针。这个问题已经在 FreeRDP 2.4.1中得到了修补。

有新的漏洞组件被发现啦,组件ID:Apache
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

FreeRDP 是远程桌面协议(Remote Desktop Protocol，RDP)的一个免费实现，它是在 Apache 许可下发布的。在版本2.4.1之前，所有使用网关连接(‘/gt: rpc’)的 FreeRDP 客户机都无法验证输入数据。恶意网关可能允许将客户端内存写入到界限之外。这个问题已经在2.4.1版本中解决了。如果无法更新，那么尽可能使用‘/gt: http’而不是/gt: rdp 连接，或者使用没有网关的直接连接。

有新的漏洞组件被发现啦,组件ID:Jira
有新的漏洞组件被发现啦,组件ID:Atlassian Jira
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

受影响的 Atlassian Jira Server 和数据中心版本允许匿名远程攻击者通过一个破坏访问控制漏洞(Broken Access Control vulnerability，BAC)攻击查询组件 JQL 端点。受影响的版本是在8.5.10版本之前，以及8.13.1版本之前的8.6.0版本。

有新的漏洞组件被发现啦,组件ID:Jira
有新的漏洞组件被发现啦,组件ID:Atlassian Jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.

受影响的 Atlassian Jira Server 和数据中心版本允许远程攻击者通过一个跨站请求伪造安全漏洞(CSRF)修改各种资源，在引用者头部的信息披露漏洞披露了用户的 CSRF 令牌。受影响的版本是在8.5.10版本之前，以及8.13.2版本之前的8.6.0版本。

有新的漏洞组件被发现啦,组件ID:WebLogic
有新的漏洞组件被发现啦,组件ID:WebLogic
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Oracle Fusion 中间件(组件: 核心) WebLogic 产品的漏洞。受影响的支持版本有10.3.6.0.0、12.1.3.0、12.2.1.3.0、12.2.1.4.0和14.1.1.0.0。易于利用的漏洞允许未经身份验证的攻击者通过 t 3进行网络访问，从而危及 WebLogic 安全。此漏洞的成功攻击可能导致未经授权的能力，造成挂起或频繁重复崩溃(完全 DOS)的 WebLogic。CVSS 3.1基本得分7.5(可用性影响)。CVSS 向量: (CVSS: 3.1/AV: n/AC: l/PR: n/UI: n/s: u/c: n/i: n/a: h)。

有新的漏洞组件被发现啦,组件ID:WebLogic
有新的漏洞组件被发现啦,组件ID:WebLogic
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Oracle Fusion 中间件 WebLogic 产品中的漏洞。受影响的支持版本有12.1.3.0.0、12.2.1.3.0、12.2.1.1.4.0和14.1.1.0.0。易于利用的漏洞允许未经身份验证的攻击者通过 IIOP 进行网络访问，从而危及 WebLogic 安全。成功的攻击这个漏洞可以导致 WebLogic 的被接管。CVSS 3.1基本得分9.8(机密性、完整性和可用性影响)。CVSS 向量: (CVSS: 3.1/AV: n/AC: l/PR: n/UI: n/s: u/c: h/i: h/a: h)。

有新的漏洞组件被发现啦,组件ID:WebLogic
有新的漏洞组件被发现啦,组件ID:WebLogic
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Diagnostics). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Oracle Fusion 中间件 WebLogic 产品(组件: 诊断)的漏洞。受影响的支持版本是12.2.1.3.0、12.2.1.4.0和14.1.1.0.0。易于利用的漏洞允许通过 HTTP 进行网络访问的未经身份验证的攻击者入侵 WebLogic。这个漏洞的成功攻击可能导致未经授权的更新，插入或删除访问一些 WebLogic 可访问的数据。CVSS 3.1基本得分5.3(完整性影响)。CVSS 向量: (CVSS: 3.1/AV: n/AC: l/PR: n/UI: n/s: u/c: n/i: l/a: n)。

有新的漏洞组件被发现啦,组件ID:Cisco IOS
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Cisco IOS XE SD-WAN 软件 CLI 中的一个漏洞可能允许经过身份验证的本地攻击者使用 root 特权执行任意命令。该漏洞是由于系统 CLI 的输入验证不足造成的。攻击者可以利用这个漏洞，对受影响的设备进行身份验证，并向系统 CLI 提交精心设计的输入。一个成功的漏洞可以允许攻击者使用 root 特权在底层操作系统上执行命令。

有新的漏洞组件被发现啦,组件ID:Jboss
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.

Juniper Networks SRC 系列的 JBoss Application Server (AppSvr)组件中的一个配置缺陷允许远程攻击者发送一个特制的查询，以使 web 服务器删除文件，这可能允许攻击者破坏系统的完整性和可用性。

有新的漏洞组件被发现啦,组件ID:Jboss
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

Juniper Networks SRC 系列的 JBoss Application Server (AppSvr)组件中的一个配置缺陷允许远程攻击者发送一个特殊的精心设计的查询，使 web 服务器在 HTTP 响应中泄露敏感信息，从而允许攻击者获取敏感信息。

有新的漏洞组件被发现啦,组件ID:Apache
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

当恶意身份验证用户使用自定义 URL 发送 http 请求时，Apache 超级设置为允许 SQL 注入的 ENABLE _ template _ processing on (默认情况下禁用)并包含1.3.0。

有新的漏洞组件被发现啦,组件ID:SVN
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

是一个免费的开源套件，用来改进软件开发和协作的管理。在受影响的版本中，具有对“ SVN 核心”存储库的读访问权限的攻击者可以执行任意的 SQL 查询。以下版本包含修复: 图利普社区版11.17.99.144，图利普企业版11.17-5，图利普企业版11.16-7。

有新的漏洞组件被发现啦,组件ID:Apache
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.

Apache 超级设置为并包含1.1时，不能正确地对 Explore 页面上的标题进行消毒。这允许具有 Explore 访问权限的攻击者保存带有恶意标题的图表，并向页面注入 html (包括脚本)。

有新的漏洞组件被发现啦,组件ID:Apache Tomcat
有新的漏洞组件被发现啦,组件ID:Apache
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Apache Tomcat 10.1.0-M1至10.1.0-M5、10.0.0-M1至10.0.11、9.0.40至9.0.53和8.5.60至8.5.71中的 bug 6362的修复引发了内存泄漏。一旦连接关闭，引入来收集 HTTP 升级连接度量的对象就不会为 WebSocket 连接释放。这就造成了内存泄漏，随着时间的推移，可能通过 OutOfMemoryError 导致内存分布式拒绝服务攻击泄漏。

有新的漏洞组件被发现啦,组件ID:KindEditor
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.

KindEditor 4.1.x 中存在一个跨站点请求伪造(CSRF)漏洞，示例/uploadbutton. html 证明了这一点。

有新的漏洞组件被发现啦,组件ID:KindEditor
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

通过 Google 搜索 inurl:/examples/uploadbutton. html，KindEditor 4.1. x 中存在跨网站脚本漏洞。Html 文件在网站上使用这个编辑器(文件后缀是允许的)。

有新的漏洞组件被发现啦,组件ID:Apache
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integr

有新的漏洞组件被发现啦,组件ID:Apache
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2

在 apachecouchdb 中，拥有在数据库中创建文档权限的恶意用户可以将 HTML 附件附加到文档。如果 CouchDB 管理员在浏览器中打开附件，例如通过 CouchDB 管理界面 Fauxton，那么嵌入在 HTML 附件中的任何 JavaScript 代码都将在该管理员的安全上下文中执行。一个类似的方法可以使用已经不推荐的 show 和 list 功能。这个权限提升安全漏洞允许攻击者在任何数据库中添加或删除数据或进行配置更改。这个问题在3.1.2之前影响到了 Apache CouchDB

有新的漏洞组件被发现啦,组件ID:Nagios XI
The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.

在5.8.4之前的 Nagios XI 版本中的通用用户界面易受通过身份验证的反射跨网站脚本的攻击。一个经过身份验证的受害者访问一个特制的恶意 URL，将在不知不觉中执行附加的有效载荷。

有新的漏洞组件被发现啦,组件ID:Nagios XI
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.

5.8.5之前的 Nagios XI 版本的批量修改功能容易受到 SQL 注入的影响。开发需要对恶意参与者进行身份验证，以便对易受攻击的系统进行身份验证，但是一旦进行身份验证，恶意参与者就能够执行任意 sql 查询。

有新的漏洞组件被发现啦,组件ID:Redmine
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

4.1.5和4.2.3之前的 Redmine 可能会由于访问过滤器不足而在活动视图上披露用户姓名。

有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Spoofing Vulnerability

Microsoftexchangeserver 欺骗漏洞

有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoftexchangeserver 特权漏洞的提升

有新的漏洞组件被发现啦,组件ID:Microsoft SharePoint
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487.

SharePoint 服务器远程代码执行漏洞这个 CVE ID 是唯一的 CVE-2021-40487。

有新的漏洞组件被发现啦,组件ID:Apache Traffic Server
有新的漏洞组件被发现啦,组件ID:Apache
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 a

有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

客户端打印服务 SAP Cloud Print Manager 和 SAPSprint for SAP Web应用服务器的 ABAP 版本7.70,7.70 PI，7.70 BYD 允许攻击者注入可以被应用程序执行的代码。攻击者因此可以控制应用程序的行为。

有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.

在 ABAP 和 ABAP 平台的 SAP Web应用服务器中存在多个拒绝服务漏洞-版本740,750,751,752,753,754,755。未经授权的攻击者可以使用公共的 SICF 服务/sap/public/bc/ABAP 来降低 SAP Web应用服务器的 ABAP 和 ABAP 平台的性能。

有新的漏洞组件被发现啦,组件ID:Microsoft SharePoint
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41344.

SharePoint 服务器远程代码执行漏洞这个 CVE ID 是唯一的 CVE-2021-41344。

有新的漏洞组件被发现啦,组件ID:Microsoft SharePoint
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483.

SharePoint 服务器欺骗漏洞这个 CVE ID 是唯一的 CVE-2021-40483。

有新的漏洞组件被发现啦,组件ID:Microsoft SharePoint
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484.

SharePoint 服务器欺骗漏洞这个 CVE ID 是 CVE-2021-40484唯一的。

有新的漏洞组件被发现啦,组件ID:Microsoft SharePoint
Microsoft SharePoint Server Information Disclosure Vulnerability

SharePoint 服务器信息披露漏洞

有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.

版本700,701,702,730，没有对用户控制的输入进行充分的编码，允许攻击者导致潜在的受害者向易受攻击的 web 应用程序提供恶意内容，然后反映到受害者并通过 web 浏览器执行，导致跨网站脚本漏洞。

有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

SAP NetWeaver AS ABAP 和 ABAP Platform-version 700,701,702,730,731,740,750,751,752,753,754,755,756允许攻击者通过崩溃或淹没服务来阻止合法用户访问服务。

有新的漏洞组件被发现啦,组件ID:SAP NetWeaver
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

SAP NetWeaver AS ABAP 和 ABAP 平台版本的软件后勤系统——700、701、702、710、730、731、740、750、751、752、753、754、755、756——允许恶意用户通过已建立的质量门槛转移 ABAP 代码工件或内容。通过这个漏洞，恶意代码可以达到质量和生产，并且可以危及系统及其数据的机密性、完整性和可用性。

有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Denial of Service Vulnerability

微软 Exchange 服务器分布式拒绝服务攻击安全漏洞

有新的漏洞组件被发现啦,组件ID:Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoftexchangeserver 远程代码执行漏洞

有新的漏洞组件被发现啦,组件ID:Apache
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.

经过验证的 Apache Traffic Control Traffic Ops 用户拥有 portal 级别的权限，可以使用特制的电子邮件发送请求，该电子邮件主题为/deliveryservices/request Traffic Ops 端点，从 Traffic Ops 服务器向任意的电子邮件地址发送电子邮件。Apache Traffic Control 5.1. x 用户应该升级到5.1.3或6.0.0。4.1. x 用户应该升级到5.1.3。

有新的漏洞组件被发现啦,组件ID:Apache
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

攻击者可以操作看似由受信任来源签名的文档。直到4.1.10的所有版本的 Apache OpenOffice 都会受到影响。建议用户更新到4.1.11版本。参见 CVE-2021-25635的 LibreOffice 咨询。

有新的漏洞组件被发现啦,组件ID:Apache
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

攻击者可以操作签名文档的时间戳。直到4.1.10的所有版本的 Apache OpenOffice 都会受到影响。建议用户更新到4.1.11版本。参见 CVE-2021-25634关于 LibreOffice 的建议。

有新的漏洞组件被发现啦,组件ID:Apache
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

攻击者可以操作签名的文档和宏，使其看起来像是来自受信任的来源。直到4.1.10的所有版本的 Apache OpenOffice 都会受到影响。建议用户更新到4.1.11版本。参见 CVE-2021-25633关于 LibreOffice 的建议。

有新的漏洞组件被发现啦,组件ID:Apache
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.

在 rConfig server 3.9.6上存在不安全的 chmod 命令权限。安装 rConfig apache 后，用户可以以 root 用户身份执行 chmod，而不需要密码，这可能会让拥有低特权的攻击者获得服务器上的 root 访问权限。

有新的漏洞组件被发现啦,组件ID:Discuz
The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

7.3.0版本的 wpDiscuz WordPress 插件在输出之前不能正确地清理或避免 Follow 和 Unfollow 消息，这使得高权限用户即使不允许未过滤的 html 功能也可以执行存储/跨网站脚本攻击。

有新的漏洞组件被发现啦,组件ID:GitLab
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.

在 GitLab 已经发现了一个问题，它影响了14.0.9之前的13.0版本，14.1.4之前的14.1版本，14.2.2之前的14.2版本。具有“外部”状态的用户帐户，在 GitLab 实例中任何允许“项目标记”的项目中被授予“维护者”角色，可以将其权限提升为“内部”并访问内部项目。

有新的漏洞组件被发现啦,组件ID:Django
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

在0.36.1之前用于 Django 的 Unicorn 框架允许通过组件实现 XSS。注: 这个问题的存在是因为 CVE-2021-42053的修复不完整。

有新的漏洞组件被发现啦,组件ID:GitLab
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

在4.1.1之前，Zammad 发现了一个问题。 SSRF 可以通过 GitHub 或 GitLab 集成。

有新的漏洞组件被发现啦,组件ID:Apache
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

结果发现，第2.4.50 Apache HTTP Server 对 CVE-2021-41773的修正是不够的。攻击者可以使用路径遍历攻击将 url 映射到由 Alias-like 指令配置的目录外部的文件。如果这些目录之外的文件不受通常的默认配置“ require all denied”的保护，则这些请求可以成功。如果 CGI 脚本也为这些有别名的路径启用，这可能允许远程代码执行。这个问题只影响 Apache 2.4.49和 Apache 2.4.50，不影响早期版本。

有新的漏洞组件被发现啦,组件ID:Docker
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If y

有新的漏洞组件被发现啦,组件ID:Apache
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.

Apache OpenOffice 公司依赖于 expat 软件。在2.1.0之前的版本受到 CVE-2013-0340“十亿笑”实体扩展分布式拒绝服务攻击的攻击，并通过精心制作的 XML 文件进行利用。ODF 文件由一组 XML 文件组成。4.1.10以内的所有 Apache OpenOffice 版本都会受到这个问题的影响。4.1.11版本的外籍人员已经修复。

有新的漏洞组件被发现啦,组件ID:Apache
While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.

在开发 Apache OpenOffice 4.1.8的时候，一个开发者发现 DEB 包不是使用 root 安装的，而是使用了一个用户 id 和 groupid 为500的。这不仅会导致桌面集成问题，而且可能会对用户或组拥有的文件(如果它们存在的话)进行精心设计的攻击。安装了 Apache OpenOffice 4.1.8 DEB 包装的用户应该升级到最新版本的 Apache OpenOffice。