CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45792

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：154 | 回复：0
CVE-2022-1000

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：102 | 回复：0
CVE-2018-25031

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：78 | 回复：0
CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：62 | 回复：0
CVE-2022-26874

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：69 | 回复：0
CVE-2022-26878

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：75 | 回复：0
CVE-2022-21177

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：74 | 回复：0
CVE-2022-21194

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：84 | 回复：0
CVE-2022-21808

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：143 | 回复：0
CVE-2022-22141

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：166 | 回复：0
CVE-2022-22145

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：143 | 回复：0
CVE-2022-22148

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTU ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：131 | 回复：0
CVE-2022-22151

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：109 | 回复：0
CVE-2022-22729

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 ver ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：105 | 回复：0
CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：111 | 回复：0
CVE-2022-23402

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：109 | 回复：0
CVE-2022-0912

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：111 | 回复：0
CVE-2022-0913

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：123 | 回复：0
CVE-2022-0870

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：139 | 回复：0
CVE-2022-0928

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：213 | 回复：0
CVE-2022-0871

Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：252 | 回复：0
CVE-2022-0860

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：136 | 回复：0
CVE-2022-21819

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：149 | 回复：0
CVE-2022-0932

Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：125 | 回复：0
CVE-2021-44618

A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：114 | 回复：0
CVE-2021-44620

A Command Injection vulnerability exits in TOTOLINK A3100R =V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：110 | 回复：0
CVE-2022-24433

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：106 | 回复：0
CVE-2021-23246

In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：100 | 回复：0
CVE-2021-26341

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：97 | 回复：0
CVE-2021-26401

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：92 | 回复：0
CVE-2021-27414

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：92 | 回复：0
CVE-2021-27416

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：84 | 回复：0
CVE-2021-32009

Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.6 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：88 | 回复：0
CVE-2021-32472

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：81 | 回复：0
CVE-2021-32473

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：81 | 回复：0
CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. M ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：83 | 回复：0
CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：82 | 回复：0
CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：71 | 回复：0
CVE-2021-32477

The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：76 | 回复：0
CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier un ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：83 | 回复：0