CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-44166

An improper access control vulnerability in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：105 | 回复：0
CVE-2022-22301

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unautho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：106 | 回复：0
CVE-2022-22303

An exposure of sensitive system information to an unauthorized control sphere vulnerability in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to g ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：90 | 回复：0
CVE-2022-0824

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：114 | 回复：0
CVE-2022-0829

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：82 | 回复：0
CVE-2022-23395

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：135 | 回复：0
CVE-2022-23779

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：87 | 回复：0
CVE-2022-24305

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：226 | 回复：0
CVE-2022-24306

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：88 | 回复：0
CVE-2022-24447

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：92 | 回复：0
CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：104 | 回复：0
CVE-2022-0819

Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：108 | 回复：0
CVE-2021-38996

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：180 | 回复：0
CVE-2021-43070

Multiple relative path traversal vulnerabilities in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：257 | 回复：0
CVE-2022-22350

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：475 | 回复：0
CVE-2022-25016

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：249 | 回复：0
CVE-2021-38268

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly set ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：206 | 回复：0
CVE-2022-23878

seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：163 | 回复：0
CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：162 | 回复：0
CVE-2022-0675

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：107 | 回复：0
CVE-2022-22944

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a mal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：136 | 回复：0
CVE-2022-23656

Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：104 | 回复：0
CVE-2022-23953

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：102 | 回复：0
CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：110 | 回复：0
CVE-2021-41000

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：149 | 回复：0
CVE-2021-41002

Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：141 | 回复：0
CVE-2022-29585

In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (ra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：137 | 回复：0
CVE-2022-29412

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：148 | 回复：0
CVE-2022-29413

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress via title parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：172 | 回复：0
CVE-2022-24898

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：201 | 回复：0
CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：179 | 回复：0
CVE-2022-28454

Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：144 | 回复：0
CVE-2022-28477

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：160 | 回复：0
CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：155 | 回复：0
CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：190 | 回复：0
CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant acti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：271 | 回复：0
CVE-2022-24449

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：181 | 回复：0
CVE-2022-29903

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker mu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：166 | 回复：0
CVE-2022-29904

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：174 | 回复：0
CVE-2022-29905

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：187 | 回复：0