CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2284

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1101 | 回复：0
CVE-2022-2285

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：541 | 回复：0
CVE-2022-2286

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：682 | 回复：0
CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After acco ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1527 | 回复：0
CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default con ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1008 | 回复：0
CVE-2022-34913

** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the produc ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：611 | 回复：0
CVE-2022-2287

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：812 | 回复：0
CVE-2022-2290

Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：538 | 回复：0
CVE-2022-2288

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：497 | 回复：0
CVE-2022-2289

Use After Free in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：576 | 回复：0
CVE-2022-32284

Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to caus ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：769 | 回复：0
CVE-2022-33208

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and ear ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：842 | 回复：0
CVE-2022-33948

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the produc ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1122 | 回复：0
CVE-2022-33971

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and ear ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：713 | 回复：0
CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Mach ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1117 | 回复：0
CVE-2022-26051

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：709 | 回复：0
CVE-2022-26054

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：528 | 回复：0
CVE-2022-26368

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：590 | 回复：0
CVE-2022-27627

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：561 | 回复：0
CVE-2022-27661

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：559 | 回复：0
CVE-2022-27803

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：535 | 回复：0
CVE-2022-27807

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：929 | 回复：0
CVE-2022-28692

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：625 | 回复：0
CVE-2022-28713

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：773 | 回复：0
CVE-2022-28718

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：475 | 回复：0
CVE-2022-29467

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：470 | 回复：0
CVE-2022-29471

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：534 | 回复：0
CVE-2022-29484

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：724 | 回复：0
CVE-2022-29513

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：512 | 回复：0
CVE-2022-29892

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：845 | 回复：0
CVE-2022-2300

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：537 | 回复：0
CVE-2022-2301

Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：629 | 回复：0
CVE-2021-25056

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_ht ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：505 | 回复：0
CVE-2021-25066

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilte ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：900 | 回复：0
CVE-2022-0250

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：539 | 回复：0
CVE-2022-1301

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：533 | 回复：0
CVE-2022-1946

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated user ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：482 | 回复：0
CVE-2022-1967

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary tea ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：478 | 回复：0
CVE-2022-2268

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：923 | 回复：0
CVE-2022-33171

** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplyi ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：583 | 回复：0