CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-33036

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operatin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE-2019-4575

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE-2021-40910

There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：21 | 回复：0
CVE-2021-41672

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the executi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE-2022-22444

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：21 | 回复：0
CVE-2022-29437

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin = 1.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE-2022-29438

Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin = 1.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：24 | 回复：0
CVE-2022-29439

Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin = 1.1.2 at WordPress allows deleting slides.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2022-29440

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin = 3.3.4 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：29 | 回复：0
CVE-2022-29441

Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin = 2.1.10 at WordPress allows attackers to send messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：32 | 回复：0
CVE-2022-29442

Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress = 2.1.10 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：26 | 回复：0
CVE-2022-29453

Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin = 1.2.1 at WordPress leading to Google Maps API key update.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：28 | 回复：0
CVE-2021-39820

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE-2021-40727

Access of Memory Location After End of Buffer (CWE-788……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2021-40940

Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2021-42732

Access of Memory Location After End of Buffer (CWE-788)……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：20 | 回复：0
CVE-2022-1342

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE-2022-32101

kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE-2022-32152

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by defa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE-2022-32153

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by defa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2022-32154

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasse ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2022-32155

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2022-32156

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by def ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2022-32157

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configur ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2022-32158

Splunk Enterprise deployment servers in versions before 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal For ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：13 | 回复：0
CVE-2022-32299

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：12 | 回复：0
CVE-2022-32300

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：12 | 回复：0
CVE-2022-32301

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2022-32302

Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2022-32991

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2022-32992

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2017-20046

A vulnerability classified as problematic has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected is an unknown function. The manipulation leads to cross-site request forgery. It ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：7 | 回复：0
CVE-2017-20047

A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross sit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：10 | 回复：0
CVE-2017-20048

A vulnerability, which was classified as critical, has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this issue is some unknown functionality of the component Script Edit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2017-20049

A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to im ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2017-20050

A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2022-20733

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0