漏洞 - 第108页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-24302

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-44088

An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-44087

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-43961

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-26504

Improper authentication in Veeam Backup Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-26501

Veeam Backup Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-26500

Improper limitation of path names in Veeam Backup Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-24770

`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV Fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-46107

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-44907

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-26081

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-25949

The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-26503

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the buil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-24759

`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate sign ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-26526

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-44906

Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-15591

fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-24761

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-44262

A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-44261

A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-44260

A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. Wh ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-44259

A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-25760

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-25354

The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-25352

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for (https://security.snyk.io/vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-25296

The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-21221

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslas ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-0749

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket clie ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-45794

Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-45793

Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-44908

SailsJS Sails.js =1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-23771

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-23632

All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：72 | 回复：0