CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21397

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：21 | 回复：0
CVE-2022-21398

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：22 | 回复：0
CVE-2022-21399

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：25 | 回复：0
CVE-2022-21400

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：21 | 回复：0
CVE-2022-21401

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：22 | 回复：0
CVE-2022-21402

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：12 | 回复：0
CVE-2022-21403

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：19 | 回复：0
CVE-2021-38787

There is an integer overflow in the ION driver /dev/ion of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd COMPAT_ION_IOC_SUNXI_FLUSH_RANGE to cause a system crash (denial of servic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：17 | 回复：0
CVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：14 | 回复：0
CVE-2021-46104

An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：28 | 回复：0
CVE-2021-44837

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：21 | 回复：0
CVE-2021-46030

There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS = v2. By entering specific statements into the background tag management module, the attack statement will be stored in the d ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：16 | 回复：0
CVE-2021-38788

The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of application ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：19 | 回复：0
CVE-2022-22310

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：29 | 回复：0
CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a dif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：20 | 回复：0
CVE-2021-33912

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：19 | 回复：0
CVE-2021-33913

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：20 | 回复：0
CVE-2021-42810

A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：27 | 回复：0
CVE-2021-44299

A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted pay ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：21 | 回复：0
CVE-2021-46203

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：23 | 回复：0
CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:05 | 阅读：23 | 回复：0
CVE-2021-24838

The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：12 | 回复：0
CVE-2021-24909

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：6 | 回复：0
CVE-2021-25005

The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html cap ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：5 | 回复：0
CVE-2021-25024

The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：8 | 回复：0
CVE-2021-25025

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create ev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：13 | 回复：0
CVE-2021-25036

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：18 | 回复：0
CVE-2021-25037

The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：10 | 回复：0
CVE-2021-25046

The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：11 | 回复：0
CVE-2021-25061

The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：11 | 回复：0
CVE-2021-25065

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：13 | 回复：0
CVE-2021-25067

The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：9 | 回复：0
CVE-2021-4164

calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：6 | 回复：0
CVE-2021-3862

icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：16 | 回复：0
CVE-2022-0240

mruby is vulnerable to NULL Pointer Dereference……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：8 | 回复：0
CVE-2022-0253

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：6 | 回复：0
CVE-2022-0256

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：15 | 回复：0
CVE-2022-0257

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：8 | 回复：0
CVE-2022-0258

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：20 | 回复：0
CVE-2021-33040

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：17 | 回复：0