漏洞 - 第134页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：97 | 回复：0
CVE漏洞

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：85 | 回复：0
CVE漏洞

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：91 | 回复：0
CVE漏洞

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：88 | 回复：0
CVE漏洞

CVE-2021-3609

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：132 | 回复：0
CVE漏洞

CVE-2021-3602

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：162 | 回复：0
CVE漏洞

CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/mess ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：227 | 回复：0
CVE漏洞

CVE-2022-26128

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：389 | 回复：0
CVE漏洞

CVE-2022-26127

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：152 | 回复：0
CVE漏洞

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：134 | 回复：0
CVE漏洞

CVE-2022-26125

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：83 | 回复：0
CVE漏洞

CVE-2022-25138

Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：91 | 回复：0
CVE漏洞

CVE-2022-0841

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-0753

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-25031

Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-22706

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 throu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：128 | 回复：0
CVE漏洞

CVE-2021-45819

Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-43774

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default creden ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：61 | 回复：0
CVE漏洞

CVE-2021-40637

OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-40636

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE漏洞

CVE-2021-40635

OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：90 | 回复：0
CVE漏洞

CVE-2022-0528

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：147 | 回复：0
CVE漏洞

CVE-2022-23849

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：138 | 回复：0
CVE漏洞

CVE-2021-42950

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：189 | 回复：0
CVE漏洞

CVE-2022-24573

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：135 | 回复：0
CVE漏洞

CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themesview=options via the intro_title and intro_image parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：114 | 回复：0
CVE漏洞

CVE-2022-25471

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：159 | 回复：0
CVE漏洞

CVE-2022-25146

The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：115 | 回复：0
CVE漏洞

CVE-2022-25089

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：134 | 回复：0
CVE漏洞

CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room mod ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：208 | 回复：0
CVE漏洞

CVE-2021-44343

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in /ok ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：152 | 回复：0
CVE漏洞

CVE-2021-44335

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：173 | 回复：0
CVE漏洞

CVE-2021-38269

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：192 | 回复：0
CVE漏洞

CVE-2021-38267

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：264 | 回复：0
CVE漏洞

CVE-2021-38265

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：209 | 回复：0
CVE漏洞

CVE-2021-38264

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar sear ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：189 | 回复：0
CVE漏洞

CVE-2021-38263

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：332 | 回复：0
CVE漏洞

CVE-2022-26171

Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：186 | 回复：0
CVE漏洞

CVE-2022-26170

Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：229 | 回复：0