CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1018

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：58 | 回复：0
CVE-2022-1068

Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：43 | 回复：0
CVE-2022-1159

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject control ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：38 | 回复：0
CVE-2022-21830

A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：50 | 回复：0
CVE-2022-22570

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：39 | 回复：0
CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：37 | 回复：0
CVE-2022-20673

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：104 | 回复：0
CVE-2022-20674

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：110 | 回复：0
CVE-2022-20765

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：114 | 回复：0
CVE-2022-20797

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary comm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：109 | 回复：0
CVE-2022-20802

A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interfa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：130 | 回复：0
CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：125 | 回复：0
CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：96 | 回复：0
CVE-2022-1897

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：103 | 回复：0
CVE-2021-27780

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：115 | 回复：0
CVE-2021-27781

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：119 | 回复：0
CVE-2022-25878

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：114 | 回复：0
CVE-2022-1927

Buffer Over-read in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：114 | 回复：0
CVE-2022-1928

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：136 | 回复：0
CVE-2022-0376

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could al ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：176 | 回复：0
CVE-2022-0642

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：158 | 回复：0
CVE-2022-1009

The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：129 | 回复：0
CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：132 | 回复：0
CVE-2022-1275

The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：155 | 回复：0
CVE-2022-1294

The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：137 | 回复：0
CVE-2022-1299

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：128 | 回复：0
CVE-2022-1387

The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：149 | 回复：0
CVE-2022-1395

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_htm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：132 | 回复：0
CVE-2022-1456

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：160 | 回复：0
CVE-2022-1527

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：162 | 回复：0
CVE-2022-1528

The VikBooking Hotel Booking Engine PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：126 | 回复：0
CVE-2022-1542

The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even wh ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：133 | 回复：0
CVE-2022-1556

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Inje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：182 | 回复：0
CVE-2022-1562

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：134 | 回复：0
CVE-2022-1564

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：138 | 回复：0
CVE-2022-1566

The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_htm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：124 | 回复：0
CVE-2022-1568

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：151 | 回复：0
CVE-2022-1582

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possibl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：160 | 回复：0
CVE-2022-1583

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to null when links to external sites are clicked, which may enable tabnabbing attacks to oc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：161 | 回复：0
CVE-2022-1589

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：264 | 回复：0