漏洞 - 第109页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1000

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：101 | 回复：0
CVE漏洞

CVE-2021-45792

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：153 | 回复：0
CVE漏洞

CVE-2021-45791

Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membershi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：105 | 回复：0
CVE漏洞

CVE-2022-24075

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script cou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rend ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-24073

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：176 | 回复：0
CVE漏洞

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：141 | 回复：0
CVE漏洞

CVE-2022-22273

** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：188 | 回复：0
CVE漏洞

CVE-2022-25516

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：139 | 回复：0
CVE漏洞

CVE-2022-25515

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：178 | 回复：0
CVE漏洞

CVE-2022-25514

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-26534

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：103 | 回复：0
CVE漏洞

CVE-2022-26300

EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：103 | 回复：0
CVE漏洞

CVE-2021-42219

Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-26295

A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：121 | 回复：0
CVE漏洞

CVE-2022-26293

Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：130 | 回复：0
CVE漏洞

CVE-2022-23610

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and im ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：184 | 回复：0
CVE漏洞

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog inpu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：169 | 回复：0
CVE漏洞

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to vers ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：128 | 回复：0
CVE漏洞

CVE-2022-23812

This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：171 | 回复：0
CVE漏洞

CVE-2022-21164

The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：162 | 回复：0
CVE漏洞

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the n (POST) parameter. Thr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：167 | 回复：0
CVE漏洞

CVE-2021-23648

The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：164 | 回复：0
CVE漏洞

CVE-2022-26660

RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：221 | 回复：0
CVE漏洞

CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：224 | 回复：0
CVE漏洞

CVE-2022-26353

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：209 | 回复：0
CVE漏洞

CVE-2022-25252

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not h ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：162 | 回复：0
CVE漏洞

CVE-2022-25251

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper au ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：159 | 回复：0
CVE漏洞

CVE-2022-25250

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authenticati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：152 | 回复：0
CVE漏洞

CVE-2022-25249

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, whic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：176 | 回复：0
CVE漏洞

CVE-2022-25248

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：275 | 回复：0
CVE漏洞

CVE-2022-25247

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：161 | 回复：0
CVE漏洞

CVE-2022-25246

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：134 | 回复：0
CVE漏洞

CVE-2022-23234

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：129 | 回复：0
CVE漏洞

CVE-2022-0982

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b-buf without any bound c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-0959

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：275 | 回复：0
CVE漏洞

CVE-2022-0918

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：123 | 回复：0
CVE漏洞

CVE-2022-0811

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container es ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：112 | 回复：0
CVE漏洞

CVE-2021-45821

A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：117 | 回复：0
CVE漏洞

CVE-2021-42730

Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：136 | 回复：0