CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23041

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：68 | 回复：0
CVE-2022-23042

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：82 | 回复：0
CVE-2021-41233

Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：95 | 回复：0
CVE-2021-44585

A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：99 | 回复：0
CVE-2021-44597

An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：83 | 回复：0
CVE-2022-24726

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：73 | 回复：0
CVE-2022-24750

UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to ach ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：65 | 回复：0
CVE-2022-0280

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：61 | 回复：0
CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：56 | 回复：0
CVE-2022-0820

Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：63 | 回复：0
CVE-2022-0821

Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：58 | 回复：0
CVE-2022-25506

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：55 | 回复：0
CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：55 | 回复：0
CVE-2022-25508

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created rou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：63 | 回复：0
CVE-2022-25510

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：60 | 回复：0
CVE-2022-25511

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：57 | 回复：0
CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：73 | 回复：0
CVE-2022-0822

Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：71 | 回复：0
CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：68 | 回复：0
CVE-2022-0420

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privileg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：432 | 回复：0
CVE-2022-0422

The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：258 | 回复：0
CVE-2022-0426

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (ava ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：116 | 回复：0
CVE-2022-0429

The WP Cerber Security, Anti-spam Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：105 | 回复：0
CVE-2022-0434

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and aut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：103 | 回复：0
CVE-2022-0439

The Email Subscribers Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：74 | 回复：0
CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：62 | 回复：0
CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：60 | 回复：0
CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：51 | 回复：0
CVE-2022-0445

The WordPress Real Cookie Banner: GDPR (DSGVO) ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：54 | 回复：0
CVE-2022-0448

The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its License ID settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：58 | 回复：0
CVE-2022-0533

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：71 | 回复：0
CVE-2022-0535

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：131 | 回复：0
CVE-2021-4198

A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：96 | 回复：0
CVE-2021-4199

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Secu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：100 | 回复：0
CVE-2022-0754

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：172 | 回复：0
CVE-2022-0755

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：119 | 回复：0
CVE-2022-0756

Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：95 | 回复：0
CVE-2021-38988

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：78 | 回复：0
CVE-2021-38989

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：89 | 回复：0
CVE-2022-22351

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted ho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：80 | 回复：0