Current node: cve-famous
Timeline
2021-05-15 23:23:42 Well-known component CVE monitoring
New vulnerable component detected, component ID: DedeCMS
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager, allowing remote code execution.

2021-05-15 23:19:13 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102). An attacker can craft a model such that `params->rank` would be 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:18:04 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division(https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:13:39 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. If `shape` argument is empty, then `shape_tensor.flat<T>()` is an empty array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:13:09 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/699bff5d961f0abfde8fa3f876e6d241681fbef8/tensorflow/core/util/sparse/sparse_tensor.h#L528-L530) accesses an array element based on a user controlled offset. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:11:54 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) does not validate the value of user supplied `axis` attribute before using it to index in the array backing the `input` argument. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:11:43 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to 
2021-05-15 23:09:57 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty image to `tf.raw_ops.DrawBoundingBoxes`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses `CHECK_*` assertions instead of `OP_REQUIRES` to validate user controlled inputs. Whereas `OP_REQUIRES` allows returning an error condition back to the user, the `CHECK_*` macros result in a crash if the condition is false, similar to `assert`. In this case, `height` is 0 from the `images` input. This results in `max_box_row_clamp` being negative and the assertion being falsified, followed by aborting program execution. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and
2021-05-15 23:08:33 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid `permutation` to `tf.raw_ops.SparseMatrixSparseCholesky`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/080f1d9e257589f78b3ffb75debf584168aa6062/tensorflow/core/kernels/sparse/sparse_cholesky_op.cc#L85-L86) fails to properly validate the input arguments. Although `ValidateInputs` is called and there are checks in the body of this function, the code proceeds to the next line in `ValidateInputs` since `OP_REQUIRES`(https://github.com/tensorflow/tensorflow/blob/080f1d9e257589f78b3ffb75debf584168aa6062/tensorflow/core/framework/op_requires.h#L41-L48) is a macro that only exits the current function. Thus, the first validation condition that fails in `ValidateInputs` will cause an early return from that function. However, the caller will continue execution from the next line. The fix is to either explicitly check `con
2021-05-15 23:08:14 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b438392024912154a2c2f5e85/tensorflow/core/kernels/quantized_mul_op.cc#L188-L198) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:06:49 Well-known component CVE monitoring
New vulnerable component detected, component ID: F5
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors results in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

2021-05-15 23:06:39 Well-known component CVE monitoring
New vulnerable component detected, component ID: Apache Traffic Server
New vulnerable component detected, component ID: Apache
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.

2021-05-15 22:59:25 Well-known component CVE monitoring
New vulnerable component detected, component ID: DedeCMS
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.

2021-05-15 03:01:10 Well-known component CVE monitoring
New vulnerable component detected, component ID: Flask
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.

2021-05-15 03:00:22 Well-known component CVE monitoring
New vulnerable component detected, component ID: Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users.

2021-05-15 03:00:19 Well-known component CVE monitoring
New vulnerable component detected, component ID: Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

2021-05-15 03:00:17 Well-known component CVE monitoring
New vulnerable component detected, component ID: Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session from timing out.

2021-05-15 03:00:15 Well-known component CVE monitoring
New vulnerable component detected, component ID: Elasticsearch
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.

2021-05-15 02:59:51 Well-known component CVE monitoring
New vulnerable component detected, component ID: WildFly
New vulnerable component detected, component ID: Jboss
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

2021-05-15 02:59:28 Well-known component CVE monitoring
New vulnerable component detected, component ID: ZCMS
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.

2021-05-14 06:59:13 Well-known component CVE monitoring
New vulnerable component detected, component ID: 致远
2021-05-13 11:06:56 Well-known component CVE monitoring
New vulnerable component detected, component ID: ZCMS
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.

2021-05-13 11:04:51 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft Exchange
Microsoft Exchange Server Spoofing Vulnerability

2021-05-13 11:04:45 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft Exchange
Microsoft Exchange Server Security Feature Bypass Vulnerability

2021-05-13 11:04:31 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195.

2021-05-13 11:04:28 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198.

2021-05-13 11:03:53 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Remote Code Execution Vulnerability

2021-05-13 11:03:27 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Server Information Disclosure Vulnerability

2021-05-13 11:03:23 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-28478.

2021-05-13 11:03:19 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Information Disclosure Vulnerability

2021-05-13 11:02:45 Well-known component CVE monitoring
New vulnerable component detected, component ID: Apache
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported ver
2021-05-13 11:02:28 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-31172.

2021-05-13 11:02:24 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Server Remote Code Execution Vulnerability

2021-05-13 11:01:42 Well-known component CVE monitoring
New vulnerable component detected, component ID: SAP NetWeaver
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.

2021-05-13 11:01:25 Well-known component CVE monitoring
New vulnerable component detected, component ID: Microsoft SharePoint
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.

2021-05-13 11:01:11 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2021-05-13 11:01:09 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.

2021-05-13 11:01:06 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.

2021-05-13 11:01:02 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jira
New vulnerable component detected, component ID: Jenkins
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

2021-05-13 11:01:00 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jira
New vulnerable component detected, component ID: Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

2021-05-13 11:00:58 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.

2021-05-13 11:00:55 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.

2021-05-13 11:00:51 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

2021-05-13 11:00:48 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jenkins
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.

2021-05-13 11:00:38 Well-known component CVE monitoring
New vulnerable component detected, component ID: RTX
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

2021-05-13 11:00:28 Well-known component CVE monitoring
New vulnerable component detected, component ID: Jira
New vulnerable component detected, component ID: Atlassian Jira
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

2021-05-11 18:59:32 Well-known component CVE monitoring
New vulnerable component detected, component ID: KindEditor
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.

2021-05-10 22:59:16 Well-known component CVE monitoring
New vulnerable component detected, component ID: Spring Boot
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

2021-05-09 06:59:13 Well-known component CVE monitoring
New vulnerable component detected, component ID: 网神
2021-05-08 11:06:04 Well-known component CVE monitoring
New vulnerable component detected, component ID: Django
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

2021-05-08 11:05:51 Well-known component CVE monitoring
New vulnerable component detected, component ID: Elasticsearch
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.

2021-05-08 11:02:38 Well-known component CVE monitoring
New vulnerable component detected, component ID: GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.

2021-05-08 11:02:36 Well-known component CVE monitoring
New vulnerable component detected, component ID: GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.

2021-05-08 11:02:34 Well-known component CVE monitoring
New vulnerable component detected, component ID: GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.

2021-05-08 11:02:31 Well-known component CVE monitoring
New vulnerable component detected, component ID: GitLab
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.

2021-05-08 11:02:30 Well-known component CVE monitoring
New vulnerable component detected, component ID: GitLab
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,
