CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-20736

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：10 | 回复：0
CVE-2022-20798

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2022-20817

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-20819

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2022-20825

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cau ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-40776

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-43754

Adobe Prelude version 22.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the conte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-43756

Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-24004

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2022-24127

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-26057

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：7 | 回复：0
CVE-2022-29443

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin = 3.0 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-29450

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin = 2.4.4 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31044

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31069

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for sp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31070

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31216

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31217

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31218

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31219

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-32375

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-32376

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-32377

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-32378

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-32379

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-32380

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-32381

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-32433

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2022-32550

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2021-25261

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2021-36891

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin = 1.15.5 at WordPress allows changing the plugin settings.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2021-41415

Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2021-41418

AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors' access rights.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2021-42735

Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2021-43755

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2022-21123

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2022-21125

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2022-21127

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2022-21935

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0
CVE-2022-21937

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：5 | 回复：0