Latest Vulnerabilities
Columns: CVE ID / Description / Vendor | Date
CVE-2021-23441
All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.
Snyk | 2021-09-21

CVE-2021-38300
arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
MITRE Corporation | 2021-09-21

CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Apache Software Foundation | 2021-09-21

CVE-2021-41073
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
MITRE Corporation | 2021-09-21

CVE-2021-3806
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
Computer Emergency Response Team of the Republic of Turkey (TR-CERT) | 2021-09-20

CVE-2021-41393
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
MITRE Corporation | 2021-09-20

CVE-2021-41394
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
MITRE Corporation | 2021-09-20

CVE-2021-41395
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
MITRE Corporation | 2021-09-20

CVE-2018-20686
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
MITRE Corporation | 2021-09-18

CVE-2019-9060
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).
MITRE Corporation | 2021-09-18

CVE-2020-12080
A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.
Flexera Software LLC | 2021-09-18

CVE-2020-12082
A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
Flexera Software LLC | 2021-09-18

CVE-2020-12083
An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
Flexera Software LLC | 2021-09-18

CVE-2020-21547
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
MITRE Corporation | 2021-09-18

CVE-2020-21548
Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.
MITRE Corporation | 2021-09-18

CVE-2021-23442
This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.
Snyk | 2021-09-18

CVE-2021-31842
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
McAfee | 2021-09-18

CVE-2021-31843
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
McAfee | 2021-09-18

CVE-2021-31844
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
McAfee | 2021-09-18

CVE-2021-31845
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
McAfee | 2021-09-18

CVE-2021-38304
Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.
MITRE Corporation | 2021-09-18

CVE-2021-38402
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.
ICS-CERT | 2021-09-18

CVE-2021-38404
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
ICS-CERT | 2021-09-18

CVE-2021-38406
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
ICS-CERT | 2021-09-18

CVE-2021-38412
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
ICS-CERT | 2021-09-18

CVE-2021-39216
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`.
GitHub (maintainer security advisories) | 2021-09-18

CVE-2021-39218
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`.
GitHub (maintainer security advisories) | 2021-09-18

CVE-2021-39219
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`.
GitHub (maintainer security advisories) | 2021-09-18

CVE-2021-39227
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: check whether `__proto__` is among the object keys and omit it before using the object as a parameter to these affected methods, or, if the project uses ECharts, before passing it to `echarts.util.merge` and `setOption`.
GitHub (maintainer security advisories) | 2021-09-18

CVE-2021-39228
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety issue when using `patch` or `merge` on `state` and assigning the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintain references to memory that might have been freed already, and these memory regions can be accessed by retrieving the `state`, e.g. by sending it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`.
GitHub (maintainer security advisories) | 2021-09-18

CVE-2021-39327
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
Wordfence | 2021-09-18

CVE-2021-40825
nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller.
MITRE Corporation | 2021-09-18

CVE-2021-41303
In Apache Shiro before 1.8.0, when Apache Shiro is used with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Software Foundation | 2021-09-18

CVE-2021-41315
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.
MITRE Corporation | 2021-09-18

CVE-2021-41316
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.
MITRE Corporation | 2021-09-18

CVE-2021-41317
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
MITRE Corporation | 2021-09-18

CVE-2021-41326
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
MITRE Corporation | 2021-09-18

CVE-2021-41380
RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data.
MITRE Corporation | 2021-09-18

CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.
MITRE Corporation | 2021-09-18

CVE-2021-41387
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
MITRE Corporation | 2021-09-18

CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
MITRE Corporation | 2021-09-18

CVE-2021-41391
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.
MITRE Corporation | 2021-09-18

CVE-2021-41392
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
MITRE Corporation | 2021-09-18

CVE-2020-14109
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12.
Xiaomi Technology Co Ltd | 2021-09-18

CVE-2020-14119
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with ROM version < 1.1.12.
Xiaomi Technology Co Ltd | 2021-09-18

CVE-2020-14124
There is a buffer overflow in librsa.so, called by the getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =< 1.1.12.
Xiaomi Technology Co Ltd | 2021-09-18

CVE-2020-14130
Some JS interfaces in the Xiaomi community app were exposed, causing sensitive functions to be maliciously called. Affected version: < 3.0.210809.
Xiaomi Technology Co Ltd | 2021-09-18

CVE-2020-21529
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
MITRE Corporation | 2021-09-18

CVE-2020-21530
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.
MITRE Corporation | 2021-09-18

CVE-2020-21531
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
MITRE Corporation | 2021-09-18

CVE-2020-21532
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
MITRE Corporation | 2021-09-18

CVE-2020-21533
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
MITRE Corporation | 2021-09-18

CVE-2020-21534
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
MITRE Corporation | 2021-09-18

CVE-2020-21535
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
MITRE Corporation | 2021-09-18

CVE-2020-21594
libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21595
libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21596
libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21597
libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21598
libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21599
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21600
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21601
libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21602
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21603
libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21604
libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21605
libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2020-21606
libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.
MITRE Corporation | 2021-09-18

CVE-2021-1939
Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

在 Snapdragon Auto,Snapdragon Compute,Snapdragon Connectivity,Snapdragon Consumer IOT,Snapdragon Industrial IOT,Snapdragon Wearables,当抢占功能启用时,由于验证不当,会发生空指针取消引用
Qualcomm, Inc.2021-09-18
CVE-2021-1947
Use-after-free vulnerability in the kernel graphics driver due to storing an invalid pointer, in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
Qualcomm, Inc. 2021-09-18
CVE-2021-1976
A use-after-free can occur due to improper validation of the P2P device address in a PD Request frame, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
Qualcomm, Inc. 2021-09-18
CVE-2021-20790
An improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
JPCERT/CC 2021-09-18
CVE-2021-20791
An improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restrictions and exchange unauthorized files between the local environment and the isolated environment, or the settings of the web browser, via unspecified vectors.
JPCERT/CC 2021-09-18
CVE-2021-20825
A cross-site scripting vulnerability in the List (order management) item change plug-in (for the EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
JPCERT/CC 2021-09-18
CVE-2021-20828
A cross-site scripting vulnerability in the Order Status Batch Change Plug-in (for the EC-CUBE 3.0 series), all versions, allows a remote attacker to inject an arbitrary script via unspecified vectors.
JPCERT/CC 2021-09-18
CVE-2021-27340
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
MITRE Corporation 2021-09-18
CVE-2021-27341
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
MITRE Corporation 2021-09-18
CVE-2021-29752
IBM Db2 11.2 and 11.5 contain an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.
IBM Corporation 2021-09-18
CVE-2021-29763
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.
IBM Corporation 2021-09-18
CVE-2021-29825
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
IBM Corporation 2021-09-18
CVE-2021-29842
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference in responses between valid and invalid login attempts. IBM X-Force ID: 205202.
IBM Corporation 2021-09-18
CVE-2021-30260
A possible integer overflow leading to a buffer overflow can occur due to improper validation of input parameters when an extscan hostlist configuration command is received, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking.
Qualcomm, Inc. 2021-09-18
CVE-2021-30261
A possible integer and heap overflow can occur due to missing validation of the input command size while handling a beacon template update command from the HLOS, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Qualcomm, Inc. 2021-09-18
CVE-2021-34571
Multiple wireless M-Bus devices by Enbra use hard-coded credentials in Security mode 5, without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
CERT@VDE 2021-09-18
CVE-2021-34572
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead, the sensor's timestamps are replaced by the time of the readout, even if the data is a replay of earlier data.
CERT@VDE 2021-09-18
CVE-2021-34573
In Enbra EWM version 1.7.29, together with several tested wireless M-Bus sensors, the events "backflow" and "no flow" are not recognized or are misinterpreted. This may lead to wrong values and missing events.
CERT@VDE 2021-09-18
CVE-2021-34576
In all known versions of Kaden PICOFLUX Air, an information exposure through observable discrepancy exists. This may give sensitive information (water consumption, without distinct values) to third parties.
CERT@VDE 2021-09-18
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Apache Software Foundation 2021-09-18
CVE-2021-36160
A carefully crafted request URI path can cause mod_proxy_uwsgi to read beyond the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Apache Software Foundation 2021-09-18
CVE-2021-3803
nth-check is vulnerable to Inefficient Regular Expression Complexity.
huntr.dev 2021-09-18
CVE-2021-3804
taro is vulnerable to Inefficient Regular Expression Complexity.
huntr.dev 2021-09-18
CVE-2021-3805
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
huntr.dev 2021-09-18
CVE-2021-3807
ansi-regex is vulnerable to Inefficient Regular Expression Complexity.
huntr.dev 2021-09-18
CVE-2021-3810
code-server is vulnerable to Inefficient Regular Expression Complexity.
huntr.dev 2021-09-18
CVE-2021-3811
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
huntr.dev 2021-09-18
CVE-2021-3812
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
huntr.dev 2021-09-18
CVE-2021-39208
SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory, the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However, prior to version 0.29.0, it is not enforced that fullDestinationDirectoryPath ends with a slash. If the destinationDirectory is not slash-terminated, like `/home/user/dir`, it is possible to create a file with a name that begins with the destination directory name, one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. This issue is fixed in SharpCompress version 0.29.0.
GitHub (maintainer security advisories) 2021-09-18
CVE-2021-39214
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.
GitHub (maintainer security advisories) 2021-09-18
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Apache Software Foundation 2021-09-18
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to this function, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Apache Software Foundation 2021-09-18
CVE-2021-40066
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it, regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.
NetMotion Software 2021-09-18
Vulnerability ID  Vulnerability  Date
CNVD-2021-58699  Eclipse Jetty arbitrary file download vulnerability  2021-09-19
CNVD-2021-58700  Ruijie NBR router command execution vulnerability (CNVD-2021-58700)  2021-09-19
CNVD-2021-58643  Tianjing (天镜) Vulnerability Scanning and Management System command execution vulnerability  2021-09-19
CNVD-2021-58618  Tianyue (天玥) Operations Security Gateway weak password vulnerability (CNVD-2021-58618)  2021-09-19
CNVD-2021-58587  Hexin (和信) Next-Generation Cloud Desktop file upload vulnerability  2021-09-19
CNVD-2021-58567  Shenzhen Tencent Computer Systems Co., Ltd. Security Response Center unauthorized access vulnerability  2021-09-19
CNVD-2021-70132  Microsoft HEVC Video Extensions remote code execution vulnerability (CNVD-2021-70132)  2021-09-19
CNVD-2021-71938  DjVuLibre denial of service vulnerability  2021-09-18
CNVD-2021-71874  Avahi unspecified vulnerability  2021-09-18
CNVD-2021-71947  Microsoft Windows and Windows Server denial of service vulnerability (CNVD-2021-71947)  2021-09-18
CNVD-2021-71948  Microsoft Windows and Windows Server denial of service vulnerability (CNVD-2021-71948)  2021-09-18
CNVD-2021-71939  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71939)  2021-09-18
CNVD-2021-71940  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71940)  2021-09-18
CNVD-2021-71941  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71941)  2021-09-18
CNVD-2021-71942  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71942)  2021-09-18
CNVD-2021-71943  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71943)  2021-09-18
CNVD-2021-71949  Microsoft Windows and Windows Server denial of service vulnerability (CNVD-2021-71949)  2021-09-18
CNVD-2021-71950  Microsoft Windows and Windows Server denial of service vulnerability (CNVD-2021-71950)  2021-09-18
CNVD-2021-71944  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71944)  2021-09-18
CNVD-2021-71945  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71945)  2021-09-18
CNVD-2021-71946  Microsoft Windows and Windows Server information disclosure vulnerability (CNVD-2021-71946)  2021-09-18
CNVD-2021-71951  Microsoft Windows and Windows Server denial of service vulnerability (CNVD-2021-71951)  2021-09-18
CNVD-2021-71952  Microsoft Windows and Windows Server denial of service vulnerability (CNVD-2021-71952)  2021-09-18
CNVD-2021-71651  Mozilla Rust memory corruption vulnerability (CNVD-2021-71651)  2021-09-18
CNVD-2021-71653  Mozilla Rust memory corruption vulnerability (CNVD-2021-71653)  2021-09-18
CNVD-2021-71655  Mozilla Rust memory corruption vulnerability (CNVD-2021-71655)  2021-09-18
CNVD-2021-71657  Mozilla Rust memory corruption vulnerability (CNVD-2021-71657)  2021-09-18
CNVD-2021-71658  Mozilla Rust memory corruption vulnerability (CNVD-2021-71658)  2021-09-18
CNVD-2021-71659  Mozilla Rust memory corruption vulnerability (CNVD-2021-71659)  2021-09-18
CNVD-2021-71660  Mozilla Rust memory corruption vulnerability (CNVD-2021-71660)  2021-09-18
CNVD-2021-71650  Mozilla Rust memory corruption vulnerability (CNVD-2021-71650)  2021-09-18
CNVD-2021-71652  Mozilla Rust memory corruption vulnerability (CNVD-2021-71652)  2021-09-18
CNVD-2021-57940  Huawei SVN2230 weak password vulnerability  2021-09-17
CNVD-2021-57770  "Free Novel Collection" (免费小说大全) software command execution vulnerability  2021-09-17
CNVD-2021-71438  Siemens Teamcenter XML external entity injection (XXE) vulnerability  2021-09-17
CNVD-2021-71439  Siemens Teamcenter code issue vulnerability  2021-09-17
CNVD-2021-71440  Siemens Teamcenter access control error vulnerability  2021-09-17
CNVD-2021-71441  Siemens Industrial Edge Management authorization bypass vulnerability  2021-09-17
CNVD-2021-71442  Siemens Siveillance OIS OS command injection vulnerability  2021-09-17
CNVD-2021-71443  Siemens SIMATIC NET CP module denial of service vulnerability  2021-09-17
CNVD-2021-71444  Siemens SINEMA Server missing authentication vulnerability  2021-09-17
CNVD-2021-71445  Siemens SIPROTEC 5 relays buffer overflow vulnerability (CNVD-2021-71445)  2021-09-17
CNVD-2021-71446  Siemens SIPROTEC 5 relays buffer overflow vulnerability  2021-09-17
CNVD-2021-71447  Multiple Siemens APOGEE MBC products buffer overflow vulnerability  2021-09-17
CNVD-2021-71448  Multiple Siemens SIMATIC products sensitive information disclosure vulnerability  2021-09-17
CNVD-2021-71449  Siemens Simcenter Femap out-of-bounds read vulnerability  2021-09-17
CNVD-2021-71522  IBM Planning Analytics information disclosure vulnerability (CNVD-2021-71522)  2021-09-17
CNVD-2021-71523  IBM Planning Analytics information disclosure vulnerability (CNVD-2021-71523)  2021-09-17
CNVD-2021-71524  IBM Planning Analytics cross-site scripting vulnerability (CNVD-2021-71524)  2021-09-17
CNVD-2021-71454  Edgegallery developer-be code issue vulnerability  2021-09-17
CNVD-2021-71455  DRK Odenwaldkreis Testerfassung cross-site scripting vulnerability  2021-09-17
CNVD-2021-71525  IBM Maximo Asset Management cross-site scripting vulnerability (CNVD-2021-71525)  2021-09-17
CNVD-2021-71526  IBM AIX permissions, privileges and access control issue vulnerability (CNVD-2021-71526)  2021-09-17
CNVD-2021-71527  IBM API Connect code injection vulnerability  2021-09-17
CNVD-2021-71450  ARM mbed TLS trust management issue vulnerability  2021-09-17
CNVD-2021-71451  ARM mbed TLS denial of service vulnerability  2021-09-17
CNVD-2021-71528  IBM Tivoli Workload Scheduler buffer overflow vulnerability  2021-09-17
CNVD-2021-71456  TryGhost express-hbs information disclosure vulnerability  2021-09-17
CNVD-2021-71457  TastyIgniter cross-site scripting vulnerability  2021-09-17
CNVD-2021-71529  IBM AIX permissions, privileges and access control issue vulnerability  2021-09-17
CNVD-2021-71530  IBM WebSphere Application Server privilege escalation vulnerability (CNVD-2021-71530)  2021-09-17
CNVD-2021-71531  IBM Sterling Connect clickjacking vulnerability  2021-09-17
CNVD-2021-71405  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71405)  2021-09-16
CNVD-2021-71406  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71406)  2021-09-16
CNVD-2021-71407  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71407)  2021-09-16
CNVD-2021-71408  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71408)  2021-09-16
CNVD-2021-71409  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71409)  2021-09-16
CNVD-2021-71410  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71410)  2021-09-16
CNVD-2021-71411  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71411)  2021-09-16
CNVD-2021-71412  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71412)  2021-09-16
CNVD-2021-71413  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71413)  2021-09-16
CNVD-2021-71414  Microsoft Windows and Windows Server remote code execution vulnerability (CNVD-2021-71414)  2021-09-16
CNVD-2021-71418  Siemens RUGGEDCOM ROX unspecified vulnerability  2021-09-16
CNVD-2021-71419  Siemens RUGGEDCOM ROX privilege escalation vulnerability  2021-09-16
CNVD-2021-71420  Siemens RUGGEDCOM ROX information disclosure vulnerability  2021-09-16
CNVD-2021-71421  Siemens SINEMA Remote Connect Server unspecified vulnerability  2021-09-16
CNVD-2021-71422  Siemens SINEMA Remote Connect Server information disclosure vulnerability (CNVD-2021-71422)  2021-09-16
CNVD-2021-71423  Siemens SINEMA Remote Connect Server improper control of interaction frequency vulnerability  2021-09-16
CNVD-2021-71424  Siemens SINEMA Remote Connect Server information disclosure vulnerability  2021-09-16
CNVD-2021-71425  Siemens SINEMA Remote Connect Server access control error vulnerability (CNVD-2021-71425)  2021-09-16
CNVD-2021-71426  Siemens SINEMA Remote Connect Server access control error vulnerability  2021-09-16
CNVD-2021-71427  Siemens Desigo CC series CCOM Communication component deserialization vulnerability  2021-09-16
CNVD-2021-71428  Siemens SIPROTEC 5 improper input validation vulnerability  2021-09-16
CNVD-2021-71429  Siemens SINEC NMS cross-site request forgery vulnerability  2021-09-16
CNVD-2021-71430  Siemens SINEC NMS path traversal vulnerability  2021-09-16
CNVD-2021-71431  Siemens LOGO! CMR family and SIMATIC RTU 3000 family security feature issue vulnerability  2021-09-16
CNVD-2021-71432  Siemens IFC adapter in NX out-of-bounds read vulnerability  2021-09-16
CNVD-2021-71433  Siemens IFC adapter in NX use-after-free vulnerability  2021-09-16
CNVD-2021-71434  Siemens Teamcenter Active Workspace path traversal vulnerability  2021-09-16
CNVD-2021-71435  Siemens STAR-CCM+ Viewer out-of-bounds write vulnerability  2021-09-16
CNVD-2021-57348  Xerox Phaser 4622 printer stack overflow vulnerability  2021-09-16
CNVD-2021-57222  jeewms SQL injection vulnerability (CNVD-2021-57222)  2021-09-16
CNVD-2021-57223  jeewms XML entity injection vulnerability  2021-09-16
CNVD-2021-71255  IBM Financial Transaction Manager cross-site scripting vulnerability (CNVD-2021-71255)  2021-09-16
CNVD-2021-71256  parlai code issue vulnerability  2021-09-16
CNVD-2021-71257  ArubaOS path traversal vulnerability (CNVD-2021-71257)  2021-09-16
CNVD-2021-71258  Aruba Networks ArubaOS OS command injection vulnerability (CNVD-2021-71258)  2021-09-16
CNVD-2021-71259  Aruba Operating System path traversal vulnerability  2021-09-16
CNVD-2021-71260  Aruba Networks ArubaOS command injection vulnerability (CNVD-2021-71260)  2021-09-16
CNVD-2021-71261  Aruba Networks ArubaOS OS command injection vulnerability (CNVD-2021-71261)  2021-09-16