CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2017

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2018

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2019

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-2020

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=syste ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2022-30760

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study cours ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and includ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2016-15002

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：6 | 回复：0
CVE-2019-25064

A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：6 | 回复：0
CVE-2019-25065

A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：6 | 回复：0
CVE-2019-25066

A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2019-25067

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2019-25068

A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：8 | 回复：0
CVE-2019-25069

A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：7 | 回复：0
CVE-2019-25070

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：8 | 回复：0
CVE-2021-27786

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：9 | 回复：0
CVE-2022-1986

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：9 | 回复：0
CVE-2022-1992

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：9 | 回复：0
CVE-2022-1993

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：9 | 回复：0
CVE-2022-25151

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker cou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：8 | 回复：0
CVE-2022-25152

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-25153

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen' ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-26363

x86 pv: Insufficient care with non-coherent mappings T Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings T Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-26377

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forward ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as wi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：9 | 回复：0
CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2015

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2026

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-2027

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-2028

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2029

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-2036

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-2037

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigge ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0