漏洞 - 第115页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-24752

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-0957

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-24755

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director = 18.2 = 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured fo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-0961

The microweber application allows large characters to insert in the input field post title which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-0430

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-24721

CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user cou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-0942

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-0956

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-0954

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP file ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：113 | 回复：0
CVE漏洞

CVE-2022-0894

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：169 | 回复：0
CVE漏洞

CVE-2022-0893

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：85 | 回复：0
CVE漏洞

CVE-2022-0951

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-0950

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：114 | 回复：0
CVE漏洞

CVE-2022-27193

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：101 | 回复：0
CVE漏洞

CVE-2022-0945

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：83 | 回复：0
CVE漏洞

CVE-2022-0944

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-24762

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-24740

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentica ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-43304

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-42389

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-42388

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：134 | 回复：0
CVE漏洞

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：274 | 回复：0
CVE漏洞

CVE-2022-24749

Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：136 | 回复：0
CVE漏洞

CVE-2022-24743

Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several tim ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：104 | 回复：0
CVE漏洞

CVE-2022-0943

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-24742

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-24733

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-24578

GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-20001

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：97 | 回复：0
CVE漏洞

CVE-2022-26351

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26320. Reason: This candidate is a reservation duplicate of CVE-2022-26320. Notes: All CVE users should reference CVE-2022-26320 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-21187

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-22354

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-22353

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules usin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-22348

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-22346

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0