漏洞 - 第135页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-26169

Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：155 | 回复：0
CVE漏洞

CVE-2022-25399

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：133 | 回复：0
CVE漏洞

CVE-2022-25398

Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：183 | 回复：0
CVE漏洞

CVE-2022-25396

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：169 | 回复：0
CVE漏洞

CVE-2022-25395

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：171 | 回复：0
CVE漏洞

CVE-2022-25394

Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：197 | 回复：0
CVE漏洞

CVE-2022-25393

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：168 | 回复：0
CVE漏洞

CVE-2022-25115

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-25114

Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：126 | 回复：0
CVE漏洞

CVE-2022-24722

VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone usi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：145 | 回复：0
CVE漏洞

CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：171 | 回复：0
CVE漏洞

CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：274 | 回复：0
CVE漏洞

CVE-2021-3738

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：176 | 回复：0
CVE漏洞

CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY befo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：126 | 回复：0
CVE漏洞

CVE-2021-3715

A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：80 | 回复：0
CVE漏洞

CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE漏洞

CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not prope ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-3658

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be dis ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-38266

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, whic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-23206

A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-23191

A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：100 | 回复：0
CVE漏洞

CVE-2021-23180

A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE漏洞

CVE-2022-23958

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：109 | 回复：0
CVE漏洞

CVE-2022-23957

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：139 | 回复：0
CVE漏洞

CVE-2022-23955

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：247 | 回复：0
CVE漏洞

CVE-2022-23954

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：130 | 回复：0
CVE漏洞

CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE漏洞

CVE-2021-46270

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：105 | 回复：0
CVE漏洞

CVE-2021-45074

JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an ac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE漏洞

CVE-2021-41003

Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：100 | 回复：0
CVE漏洞

CVE-2021-41001

An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Ar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：128 | 回复：0
CVE漏洞

CVE-2022-23956

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：102 | 回复：0
CVE漏洞

CVE-2021-41002

Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：140 | 回复：0
CVE漏洞

CVE-2021-41000

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：148 | 回复：0
CVE漏洞

CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：109 | 回复：0