
CVE Vulnerabilities

  • CVE-2022-22932
    Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 59 | Replies: 0
  • CVE-2021-44118
    SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 62 | Replies: 0
  • CVE-2021-44120
    SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 51 | Replies: 0
  • CVE-2021-44122
    SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a vi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 31 | Replies: 0
  • CVE-2021-44123
    SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 28 | Replies: 0
  • CVE-2022-0359
    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 32 | Replies: 0
  • CVE-2022-0203
    Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 16 | Replies: 0
  • CVE-2022-0361
    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 18 | Replies: 0
  • CVE-2022-0362
    SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 18 | Replies: 0
  • CVE-2021-22570
    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting erro ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 15 | Replies: 0
  • CVE-2021-22600
    A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 16 | Replies: 0
  • CVE-2021-45975
    In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2021-43334
    BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2021-44692
    BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 15 | Replies: 0
  • CVE-2021-46117
    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2022-0378
    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 15 | Replies: 0
  • CVE-2022-0379
    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 14 | Replies: 0
  • CVE-2022-22851
    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2021-46115
    jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2021-46116
    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2021-46118
    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templa ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2021-46383
    https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The att ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2021-46386
    https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack v ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 14 | Replies: 0
  • CVE-2021-29838
    IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2021-29845
    IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2021-29846
    IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2021-46561
    controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitr ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2022-0368
    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 12 | Replies: 0
  • CVE-2021-46114
    jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 14 | Replies: 0
  • CVE-2021-46385
    https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 13 | Replies: 0
  • CVE-2022-22850
    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 10 | Replies: 0
  • CVE-2022-23990
    Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 18 | Replies: 0
  • CVE-2022-23993
    /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST in a PHP echo call, causing XSS.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 24 | Replies: 0
  • CVE-2022-21686
    PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy la ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 37 | Replies: 0
  • CVE-2022-22852
    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 33 | Replies: 0
  • CVE-2021-32840
    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 36 | Replies: 0
  • CVE-2021-32842
    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 30 | Replies: 0
  • CVE-2022-23967
    In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 25 | Replies: 0
  • CVE-2021-32841
    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 52 | Replies: 0
  • CVE-2021-32849
    Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workaroun ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:51 | Views: 40 | Replies: 0
