
CVE Vulnerabilities

  • CVE-2022-0846
    The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 45 | Replies: 0
  • CVE-2021-39876
    In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 35 | Replies: 0
  • CVE-2021-4191
    An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumerat ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 44 | Replies: 0
  • CVE-2022-0123
    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI serv ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 63 | Replies: 0
  • CVE-2022-0136
    A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 46 | Replies: 0
  • CVE-2022-0249
    A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 38 | Replies: 0
  • CVE-2022-0283
    An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the re ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 43 | Replies: 0
  • CVE-2022-0344
    An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private pr ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 64 | Replies: 0
  • CVE-2022-0371
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitL ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 47 | Replies: 0
  • CVE-2022-0427
    Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leadin ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 49 | Replies: 0
  • CVE-2022-0488
    An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 39 | Replies: 0
  • CVE-2022-0549
    An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain condition ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 43 | Replies: 0
  • CVE-2022-0735
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 54 | Replies: 0
  • CVE-2022-0738
    An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 43 | Replies: 0
  • CVE-2022-0751
    Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users int ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 40 | Replies: 0
  • CVE-2022-1056
    Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with comm ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 51 | Replies: 0
  • CVE-2022-26980
    Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2022-27658
    Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 98 | Replies: 0
  • CVE-2003-5001
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipula ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 154 | Replies: 0
  • CVE-2003-5002
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allow ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 82 | Replies: 0
  • CVE-2003-5003
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknow ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2005-10001
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 63 | Replies: 0
  • CVE-2008-10001
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. T ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 80 | Replies: 0
  • CVE-2010-10001
    A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 10 ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 82 | Replies: 0
  • CVE-2017-20011
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Hand ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 116 | Replies: 0
  • CVE-2017-20012
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of s ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 270 | Replies: 0
  • CVE-2017-20013
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 124 | Replies: 0
  • CVE-2017-20014
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality o ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 74 | Replies: 0
  • CVE-2017-20015
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. T ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 60 | Replies: 0
  • CVE-2017-20016
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Ports ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 59 | Replies: 0
  • CVE-2022-26278
    Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 55 | Replies: 0
  • CVE-2021-43097
    A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java which could let a malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 43 | Replies: 0
  • CVE-2021-43098
    A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 43 | Replies: 0
  • CVE-2021-43099
    An Archive Extraction (AKA Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 37 | Replies: 0
  • CVE-2021-43100
    A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 31 | Replies: 0
  • CVE-2021-43101
    A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 30 | Replies: 0
  • CVE-2021-43102
    A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 47 | Replies: 0
  • CVE-2021-43103
    A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 35 | Replies: 0
  • CVE-2022-24789
    C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arb ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 35 | Replies: 0
  • CVE-2022-26280
    Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 31 | Replies: 0
