CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE-2022-29043

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE-2022-29044

Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site script ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：19 | 回复：0
CVE-2022-29045

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a store ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：17 | 回复：0
CVE-2022-29046

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE-2022-29048

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：38 | 回复：0
CVE-2022-29049

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE-2022-29050

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：31 | 回复：0
CVE-2022-29051

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：46 | 回复：0
CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read pe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：50 | 回复：0
CVE-2022-0436

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：44 | 回复：0
CVE-2022-1330

stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：69 | 回复：0
CVE-2021-44520

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：42 | 回复：0
CVE-2022-26151

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：47 | 回复：0
CVE-2022-26589

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：48 | 回复：0
CVE-2022-22279

** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：61 | 回复：0
CVE-2022-29156

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：52 | 回复：0
CVE-2022-1339

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：56 | 回复：0
CVE-2022-27475

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：63 | 回复：0
CVE-2020-29653

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：115 | 回复：0
CVE-2021-43742

CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：279 | 回复：0
CVE-2022-24308

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：150 | 回复：0
CVE-2021-43741

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：87 | 回复：0
CVE-2022-26144

An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.ph ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：73 | 回复：0
CVE-2022-26643

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：61 | 回复：0
CVE-2022-27256

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：71 | 回复：0
CVE-2021-46167

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：67 | 回复：0
CVE-2022-28052

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：65 | 回复：0
CVE-2015-20107

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into ap ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：47 | 回复：0
CVE-2019-6834

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE-2021-22794

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：72 | 回复：0
CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：44 | 回复：0
CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE-2021-42136

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by stor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：49 | 回复：0
CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SC ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE-2022-1246

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1280. Reason: This candidate is a reservation duplicate of CVE-2022-1280. Notes: All CVE users should reference CVE-2022-1280 instea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：41 | 回复：0
CVE-2022-1280

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE-2022-1332

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE-2022-1333

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：39 | 回复：0