CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22847

Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：24 | 回复：0
CVE-2021-44586

An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：31 | 回复：0
CVE-2021-23154

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：28 | 回复：0
CVE-2021-23218

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：30 | 回复：0
CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could le ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：38 | 回复：0
CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrie ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：41 | 回复：0
CVE-2021-24949

The WP Search Filters widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：86 | 回复：0
CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's sett ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：120 | 回复：0
CVE-2021-25043

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：143 | 回复：0
CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform suc ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：95 | 回复：0
CVE-2021-25051

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：61 | 回复：0
CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus lea ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：50 | 回复：0
CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：52 | 回复：0
CVE-2021-25054

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：41 | 回复：0
CVE-2021-43297

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/ ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：30 | 回复：0
CVE-2021-43949

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Field ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：25 | 回复：0
CVE-2021-43951

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：20 | 回复：0
CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so ope ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：16 | 回复：0
CVE-2022-0156

vim is vulnerable to Use After Free……

作者：菜鸟教程小白 | 时间：2022-6-22 22:00 | 阅读：15 | 回复：0
CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used dire ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：14 | 回复：0
CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary obj ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：15 | 回复：0
CVE-2022-21648

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injecti ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：14 | 回复：0
CVE-2022-21649

Convos is an open source multi-user chat that runs in a web browser. Characters starting with https:// in the chat window create an a tag. Stored XSS vulnerability using onfocus and autofocus occurs b ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：21 | 回复：0
CVE-2022-21650

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：25 | 回复：0
CVE-2021-22045

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device e ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：24 | 回复：0
CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：19 | 回复：0
CVE-2021-45115

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：18 | 回复：0
CVE-2021-45116

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filt ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：16 | 回复：0
CVE-2021-45452

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：15 | 回复：0
CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /se ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-22567

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：14 | 回复：0
CVE-2020-15933

A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to ob ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2021-31589

A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, sp ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2021-41043

Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users i ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0
CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in th ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：13 | 回复：0
CVE-2022-22111

In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, inc ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：12 | 回复：0