CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：20 | 回复：0
CVE-2022-31245

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2022-24906

Nextcloud Deck is a Kanban-style project personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2022-29159

Nextcloud Deck is a Kanban-style project personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2022-29160

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesnâ€ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2021-39043

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2022-22365

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2022-29177

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：14 | 回复：0
CVE-2022-1770

Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2022-28531

Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：14 | 回复：0
CVE-2022-28990

WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2022-28995

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：13 | 回复：0
CVE-2022-29179

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：12 | 回复：0
CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted input ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：11 | 回复：0
CVE-2022-29182

GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-29183

GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render ar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：11 | 回复：0
CVE-2021-36833

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2022-21195

All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the servic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2022-29184

GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configurat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-29185

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2022-29424

Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2022-29425

Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin = 2.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-29448

Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin = 5.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-28618

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-29186

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-29191

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input argu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29194

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29426

Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin = 1.3.54 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29427

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin = 1.1.6 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29428

Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin = 1.4.5 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29430

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin = 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter jpg_quality.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29431

Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin = 5.8 at WordPress allows an attacker to delete the CPT base.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29432

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via data-link-text, data-link- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0