CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26572

Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：53 | 回复：0
CVE-2021-32977

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0
CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：47 | 回复：0
CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an exist ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：43 | 回复：0
CVE-2021-32981

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent dire ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：45 | 回复：0
CVE-2021-32982

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can obse ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：68 | 回复：0
CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：117 | 回复：0
CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：74 | 回复：0
CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE-2021-32994

Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：44 | 回复：0
CVE-2021-33008

AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：42 | 回复：0
CVE-2021-33010

An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：36 | 回复：0
CVE-2021-36826

Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions = 2.4.13.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：47 | 回复：0
CVE-2021-36851

Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：32 | 回复：0
CVE-2022-0740

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：29 | 回复：0
CVE-2022-1099

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of Gi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：25 | 回复：0
CVE-2022-1100

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-1105

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipelin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-1111

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an inco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fai ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE-2022-1121

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource cons ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-1148

Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user&# ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-1174

A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：25 | 回复：0
CVE-2022-1175

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：28 | 回复：0
CVE-2022-1185

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：34 | 回复：0
CVE-2022-1188

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：34 | 回复：0
CVE-2022-1189

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：54 | 回复：0
CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：154 | 回复：0
CVE-2022-1233

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：75 | 回复：0
CVE-2022-23697

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：110 | 回复：0
CVE-2022-23698

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：61 | 回复：0
CVE-2022-23699

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：109 | 回复：0
CVE-2022-23700

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：79 | 回复：0
CVE-2022-25613

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions = 7.5.18.727 via fv_wp_flowplayer_field_splash parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：79 | 回复：0
CVE-2022-25618

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions = 2.1.27……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：81 | 回复：0
CVE-2022-27608

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：115 | 回复：0
CVE-2022-27609

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could resul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：315 | 回复：0
CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：220 | 回复：0
CVE-2022-27650

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：98 | 回复：0