CVE-2022-21660 The vue based admin system allows low privilege users to modify higher privilege users. Authentication is missing on the setUserInfo function.

This problem was fixed in version 2.4.7. If you are running an older version, update as soon as possible.

Vulnerability description

A potential denial-of-service condition was identified in the way Apache httpd handled overly long passwords. It did not properly handle requests to remove characters from a password. In some cases, this may have allowed remote authenticated users to crash the server or execute arbitrary code as the user running httpd by causing a buffer overflow.

Hostname can't be resolved

This problem was fixed in version 2.4.7. If you are running an older version, update as soon as possible.
The Hostname cannot be resolved error is reported by the DNS server when it encounters a name that can't be resolved. This issue may occur when the client's computer hostname is registered with a name that cannot be found in its list of configured nameservers.

Operation of the vulnerability

A vulnerability was discovered in the Docker Runtime for Mac software for macOS and Linux. A malicious container could be used to write a file outside of the container's root directory.

Timeline

Published on: 02/09/2022 20:15:00 UTC
Last modified on: 02/15/2022 13:10:00 UTC

References