
CVE Vulnerabilities

  • CVE-2022-22790
    SYNEL - eharmony Directory Traversal. Directory Traversal is an attack against a server or a Web application aimed at unauthorized access to the file system. On the Name parameter the attacker can r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 139 | Replies: 0
  • CVE-2022-22791
    SYNEL - eharmony Authenticated Blind Stored XSS. Injecting JS code into the comments field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 119 | Replies: 0
  • CVE-2022-22938
    VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueTyp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 108 | Replies: 0
  • CVE-2022-22992
    A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerab ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 107 | Replies: 0
  • CVE-2022-22993
    A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 97 | Replies: 0
  • CVE-2022-22994
    A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insuf ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 86 | Replies: 0
  • CVE-2022-23456
    Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 86 | Replies: 0
  • CVE-2022-23727
    There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 78 | Replies: 0
  • CVE-2022-23979
    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions = 3.0.15).
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 76 | Replies: 0
  • CVE-2022-23887
    YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 78 | Replies: 0
  • CVE-2022-23888
    YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 76 | Replies: 0
  • CVE-2022-23889
    The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 83 | Replies: 0
  • CVE-2021-23484
    The package zip-local before 0.3.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 93 | Replies: 0
  • CVE-2021-23558
    The package bmoor before 0.10.1 is vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in (https://security.snyk ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 90 | Replies: 0
  • CVE-2021-23760
    The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:09 | Views: 88 | Replies: 0
  • CVE-2021-46033
    In ForestBlog, as of 2021-12-28, File upload can bypass verification.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 63 | Replies: 0
  • CVE-2021-46089
    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 67 | Replies: 0
  • CVE-2021-34865
    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 58 | Replies: 0
  • CVE-2021-34866
    This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the tar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 63 | Replies: 0
  • CVE-2021-34867
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 57 | Replies: 0
  • CVE-2021-34868
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 60 | Replies: 0
  • CVE-2021-34869
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 55 | Replies: 0
  • CVE-2021-34870
    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 48 | Replies: 0
  • CVE-2021-43863
    The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the pr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 62 | Replies: 0
  • CVE-2021-46034
    A problem was found in ForestBlog, as of 2021-12-29: there is an XSS vulnerability that can be injected through the nickname input box.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 63 | Replies: 0
  • CVE-2021-46083
    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 53 | Replies: 0
  • CVE-2021-46084
    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via close registration information input box.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 51 | Replies: 0
  • CVE-2021-46085
    OneBlog = 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 50 | Replies: 0
  • CVE-2021-46086
    xzs-mysql = t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitt ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 54 | Replies: 0
  • CVE-2021-46087
    In jfinal_cms = 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 51 | Replies: 0
  • CVE-2021-39031
    IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could e ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 63 | Replies: 0
  • CVE-2022-0351
    Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 65 | Replies: 0
  • CVE-2021-38129
    Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 58 | Replies: 0
  • CVE-2021-40158
    A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arb ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 63 | Replies: 0
  • CVE-2021-40159
    An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 65 | Replies: 0
  • CVE-2021-40167
    A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and prior may lead to remote code execution through maliciously crafted DWF and TGA files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 54 | Replies: 0
  • CVE-2021-40337
    Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 57 | Replies: 0
  • CVE-2021-41598
    A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 62 | Replies: 0
  • CVE-2021-43298
    The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacke ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 54 | Replies: 0
  • CVE-2021-45729
    The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions = 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:08 | Views: 62 | Replies: 0
