
CVE Vulnerabilities

  • CVE-2021-20421
    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:21 | Views: 40 | Replies: 0
  • CVE-2021-20543
    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:21 | Views: 38 | Replies: 0
  • CVE-2021-20544
    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:21 | Views: 38 | Replies: 0
  • CVE-2021-20551
    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:21 | Views: 47 | Replies: 0
  • CVE-2021-29865
    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote att ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:21 | Views: 46 | Replies: 0
  • CVE-2021-38871
    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:21 | Views: 42 | Replies: 0
  • CVE-2021-39047
    IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 43 | Replies: 0
  • CVE-2022-20828
    A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 47 | Replies: 0
  • CVE-2022-20829
    A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authentic ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 44 | Replies: 0
  • CVE-2022-22502
    IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 45 | Replies: 0
  • CVE-2022-27238
    BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The p ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 46 | Replies: 0
  • CVE-2022-29330
    Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecifie ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 44 | Replies: 0
  • CVE-2022-31767
    IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 41 | Replies: 0
  • CVE-2022-33953
    IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 2 ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:20 | Views: 39 | Replies: 0
  • CVE-2022-30119
    XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Conc ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:19 | Views: 41 | Replies: 0
  • CVE-2022-30120
    XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be expl ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:19 | Views: 42 | Replies: 0
  • CVE-2022-32209
    Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifie ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:19 | Views: 55 | Replies: 0
  • CVE-2020-21046
    A local privilege escalation vulnerability was identified within the luminati_net_updater_win_eagleget_com service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-a ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:19 | Views: 40 | Replies: 0
  • CVE-2021-29768
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:19 | Views: 41 | Replies: 0
  • CVE-2021-38945
    IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:19 | Views: 42 | Replies: 0
  • CVE-2022-2102
    Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 39 | Replies: 0
  • CVE-2022-2103
    An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 50 | Replies: 0
  • CVE-2022-2104
    The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 45 | Replies: 0
  • CVE-2022-2105
    Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level acce ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 44 | Replies: 0
  • CVE-2022-2119
    OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled name ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 41 | Replies: 0
  • CVE-2022-2120
    OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 47 | Replies: 0
  • CVE-2022-2121
    OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 39 | Replies: 0
  • CVE-2022-30117
    Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanit ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 36 | Replies: 0
  • CVE-2022-30118
    Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:18 | Views: 39 | Replies: 0
  • CVE-2022-1745
    The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administr ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 39 | Replies: 0
  • CVE-2022-1746
    The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election informa ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 52 | Replies: 0
  • CVE-2022-1747
    The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnera ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 44 | Replies: 0
  • CVE-2022-21829
    Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 41 | Replies: 0
  • CVE-2022-23170
    SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated a ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 45 | Replies: 0
  • CVE-2022-28619
    A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the followi ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 41 | Replies: 0
  • CVE-2022-28620
    A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associ ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:17 | Views: 57 | Replies: 0
  • CVE-2022-1667
    Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:16 | Views: 52 | Replies: 0
  • CVE-2022-1668
    Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:16 | Views: 43 | Replies: 0
  • CVE-2022-1739
    The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a devi ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:16 | Views: 43 | Replies: 0
  • CVE-2022-1740
    The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:16 | Views: 43 | Replies: 0
