CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22427

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：140 | 回复：0
CVE-2022-22441

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：150 | 回复：0
CVE-2022-22443

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：179 | 回复：0
CVE-2022-27860

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin = 2.0.3 on WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：168 | 回复：0
CVE-2022-28892

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：202 | 回复：0
CVE-2022-29415

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin = 2.16 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：145 | 回复：0
CVE-2022-29584

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：189 | 回复：0
CVE-2022-29410

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (ids).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：124 | 回复：0
CVE-2022-29411

SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress allows attackers to execute SQLi attack via (id).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：130 | 回复：0
CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：10 | 回复：0
CVE-2022-1037

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：20 | 回复：0
CVE-2022-1054

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：21 | 回复：0
CVE-2022-1063

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：19 | 回复：0
CVE-2022-1088

The Page Security Membership WordPress plugin through 1.5.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：18 | 回复：0
CVE-2022-1090

The Good Bad Comments WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：22 | 回复：0
CVE-2022-1091

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：25 | 回复：0
CVE-2022-1112

The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：36 | 回复：0
CVE-2022-24859

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：62 | 回复：0
CVE-2022-24863

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：50 | 回复：0
CVE-2022-29457

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：50 | 回复：0
CVE-2022-29458

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：52 | 回复：0
CVE-2022-24841

fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without team ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：33 | 回复：0
CVE-2022-29464

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：54 | 回复：0
CVE-2022-28108

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：25 | 回复：0
CVE-2022-1065

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：27 | 回复：0
CVE-2022-0645

Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：23 | 回复：0
CVE-2021-41570

Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：23 | 回复：0
CVE-2021-43129

A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right cl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：21 | 回复：0
CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：27 | 回复：0
CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authentic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：24 | 回复：0
CVE-2022-27927

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：23 | 回复：0
CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：28 | 回复：0
CVE-2021-44519

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：31 | 回复：0
CVE-2022-29153

HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：45 | 回复：0
CVE-2021-39033

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：56 | 回复：0
CVE-2021-39072

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulner ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：52 | 回复：0
CVE-2021-39076

IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：48 | 回复：0
CVE-2021-39078

IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：63 | 回复：0
CVE-2022-25648

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：135 | 回复：0
CVE-2022-27055

** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：158 | 回复：0