CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1409

The VikBooking Hotel Booking Engine PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1418

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1435

The WPCargo Track Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1436

The WPCargo Track Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1455

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1512

The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1553

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any pa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1557

The ULeak Security Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1559

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1560

The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory ment ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1713

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1721

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1722

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclos ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-1728

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-30523

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-33318

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-23265

A logged-in and authenticated user with a Reviewer Role may lock a content item.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-23266

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2021-23267

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-25169

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-30050

Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-30055

Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. Thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-27442

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-27444

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-27446

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-33001

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2021-33021

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2021-33025

xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-1679

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-30695

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-30696

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-30697

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-1731

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-23657

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-23658

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-23659

A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0