CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26361

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2021-41245

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：25 | 回复：0
CVE-2022-1243

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：29 | 回复：0
CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：30 | 回复：0
CVE-2020-19229

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：28 | 回复：0
CVE-2020-23349

An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.W ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：33 | 回复：0
CVE-2020-28847

Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：31 | 回复：0
CVE-2021-27116

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：29 | 回复：0
CVE-2021-27117

An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：39 | 回复：0
CVE-2021-28428

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：28 | 回复：0
CVE-2021-30080

An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：29 | 回复：0
CVE-2021-41751

Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：27 | 回复：0
CVE-2021-41752

Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2022-0602

Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE-2022-27462

Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-27463

Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：16 | 回复：0
CVE-2022-22355

IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：16 | 回复：0
CVE-2022-22356

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2022-26635

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：15 | 回复：0
CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：32 | 回复：0
CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：33 | 回复：0
CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：36 | 回复：0
CVE-2022-28650

In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：53 | 回复：0
CVE-2022-28651

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：66 | 回复：0
CVE-2022-1244

heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE-2022-24780

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：79 | 回复：0
CVE-2022-24811

Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：67 | 回复：0
CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：93 | 回复：0
CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：121 | 回复：0
CVE-2022-25373

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：85 | 回复：0
CVE-2022-28219

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：63 | 回复：0
CVE-2022-23974

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：57 | 回复：0
CVE-2022-24475

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：57 | 回复：0
CVE-2022-24523

Microsoft Edge (Chromium-based) Spoofing Vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：53 | 回复：0
CVE-2022-26628

Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：76 | 回复：0
CVE-2022-26891

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：50 | 回复：0
CVE-2022-26895

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0
CVE-2021-1942

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：209 | 回复：0