CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2169

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：824 | 回复：0
CVE-2022-2173

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross- ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：734 | 回复：0
CVE-2022-2186

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilte ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：511 | 回复：0
CVE-2022-2187

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：895 | 回复：0
CVE-2022-2194

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even wh ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：512 | 回复：0
CVE-2022-2222

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：495 | 回复：0
CVE-2022-32320

A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：810 | 回复：0
CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execut ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：529 | 回复：0
CVE-2022-30550

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and me ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：515 | 回复：0
CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：472 | 回复：0
CVE-2022-25357

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1504 | 回复：0
CVE-2022-26654

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1823 | 回复：0
CVE-2022-26655

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：2244 | 回复：0
CVE-2022-26656

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1487 | 回复：0
CVE-2022-26657

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1684 | 回复：0
CVE-2022-27928

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1836 | 回复：0
CVE-2022-27929

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1624 | 回复：0
CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1619 | 回复：0
CVE-2022-27931

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1666 | 回复：0
CVE-2022-27932

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1586 | 回复：0
CVE-2022-27933

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1588 | 回复：0
CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1215 | 回复：0
CVE-2022-27935

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1252 | 回复：0
CVE-2022-27936

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1393 | 回复：0
CVE-2022-27937

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1419 | 回复：0
CVE-2022-30622

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - T ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：576 | 回复：0
CVE-2021-40149

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：803 | 回复：0
CVE-2021-46784

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：526 | 回复：0
CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows direc ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：707 | 回复：0
CVE-2022-29286

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1382 | 回复：0
CVE-2022-32263

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1365 | 回复：0
CVE-2021-40150

The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entir ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1028 | 回复：0
CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentic ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：623 | 回复：0
CVE-2022-26481

An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1286 | 回复：0
CVE-2022-26482

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：576 | 回复：0
CVE-2022-28807

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacke ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：573 | 回复：0
CVE-2022-28808

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：856 | 回复：0
CVE-2022-28809

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An atta ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：829 | 回复：0
CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：559 | 回复：0
CVE-2022-30982

An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：773 | 回复：0