漏洞 - 第131页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-24826

The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v 4.0.1) or Admin+ (v 4.0.2) users to perform Cross-S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：123 | 回复：0
CVE漏洞

CVE-2021-24825

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v 4.0.1) or Admin+ (v 4.0.2) users to display arbi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：94 | 回复：0
CVE漏洞

CVE-2021-24824

The shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-24821

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Set ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-24810

The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：92 | 回复：0
CVE漏洞

CVE-2021-24778

The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：110 | 回复：0
CVE漏洞

CVE-2021-24777

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：96 | 回复：0
CVE漏洞

CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：75 | 回复：0
CVE漏洞

CVE-2022-0767

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：73 | 回复：0
CVE漏洞

CVE-2022-0766

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-0697

Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-44749

A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web brows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-44748

A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-0868

Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-0869

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-26505

A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-46704

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-26496

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO messa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocate ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-46703

** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-26490

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-26487

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidate is a reservation duplicate of CVE-2022-26143. Notes: All CVE users should reference CVE-2022-26143 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-0845

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-0849

Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-25465

Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-25044

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-25069

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-25312

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection (also known as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：106 | 回复：0
CVE漏洞

CVE-2021-46384

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${freemarker.template.utility.Execute?new()(calc)}. ¶¶ MCMS has ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-46353

An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absol ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-44827

There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-40846

An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malici ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-32008

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-27756

TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-43590

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially expl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-25106

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-23915

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-26484

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-26483

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/list ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：43 | 回复：0