漏洞 - 第119页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-23924

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-23731

V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access control.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-23625

Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-23187

Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the conte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：79 | 回复：0
CVE漏洞

CVE-2022-0924

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：79 | 回复：0
CVE漏洞

CVE-2022-0921

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-0909

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：69 | 回复：0
CVE漏洞

CVE-2022-0908

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：122 | 回复：0
CVE漏洞

CVE-2022-0907

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：156 | 回复：0
CVE漏洞

CVE-2022-0853

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：148 | 回复：0
CVE漏洞

CVE-2022-0002

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：106 | 回复：0
CVE漏洞

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：88 | 回复：0
CVE漏洞

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：89 | 回复：0
CVE漏洞

CVE-2021-33150

Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical ac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier un ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-32477

The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：77 | 回复：0
CVE漏洞

CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：72 | 回复：0
CVE漏洞

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. M ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-32473

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：82 | 回复：0
CVE漏洞

CVE-2021-32472

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：82 | 回复：0
CVE漏洞

CVE-2021-32009

Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.6 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：89 | 回复：0
CVE漏洞

CVE-2021-27416

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：85 | 回复：0
CVE漏洞

CVE-2021-27414

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：93 | 回复：0
CVE漏洞

CVE-2021-26401

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：93 | 回复：0
CVE漏洞

CVE-2021-26341

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：98 | 回复：0
CVE漏洞

CVE-2021-23246

In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：101 | 回复：0
CVE漏洞

CVE-2022-24433

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：107 | 回复：0
CVE漏洞

CVE-2021-44620

A Command Injection vulnerability exits in TOTOLINK A3100R =V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：111 | 回复：0
CVE漏洞

CVE-2021-44618

A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：115 | 回复：0
CVE漏洞

CVE-2022-0932

Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：126 | 回复：0
CVE漏洞

CVE-2022-21819

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：150 | 回复：0
CVE漏洞

CVE-2022-0860

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-0871

Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：253 | 回复：0
CVE漏洞

CVE-2022-0928

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：214 | 回复：0
CVE漏洞

CVE-2022-0870

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：140 | 回复：0
CVE漏洞

CVE-2022-0913

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：124 | 回复：0
CVE漏洞

CVE-2022-0912

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：112 | 回复：0
CVE漏洞

CVE-2022-23402

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：110 | 回复：0