漏洞 - 第136页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-23953

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：102 | 回复：0
CVE漏洞

CVE-2022-23656

Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：103 | 回复：0
CVE漏洞

CVE-2022-22944

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a mal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：135 | 回复：0
CVE漏洞

CVE-2022-0675

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：107 | 回复：0
CVE漏洞

CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：161 | 回复：0
CVE漏洞

CVE-2022-23878

seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：162 | 回复：0
CVE漏洞

CVE-2021-38268

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly set ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：206 | 回复：0
CVE漏洞

CVE-2022-25016

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：248 | 回复：0
CVE漏洞

CVE-2022-22350

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：474 | 回复：0
CVE漏洞

CVE-2021-43070

Multiple relative path traversal vulnerabilities in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：257 | 回复：0
CVE漏洞

CVE-2021-38996

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：180 | 回复：0
CVE漏洞

CVE-2022-0819

Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：108 | 回复：0
CVE漏洞

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：103 | 回复：0
CVE漏洞

CVE-2022-24447

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-24306

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-24305

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：225 | 回复：0
CVE漏洞

CVE-2022-23779

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-23395

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：134 | 回复：0
CVE漏洞

CVE-2022-0829

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：82 | 回复：0
CVE漏洞

CVE-2022-0824

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：114 | 回复：0
CVE漏洞

CVE-2022-22303

An exposure of sensitive system information to an unauthorized control sphere vulnerability in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to g ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：90 | 回复：0
CVE漏洞

CVE-2022-22301

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unautho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：105 | 回复：0
CVE漏洞

CVE-2021-44166

An improper access control vulnerability in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：105 | 回复：0
CVE漏洞

CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：112 | 回复：0
CVE漏洞

CVE-2022-25051

An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：113 | 回复：0
CVE漏洞

CVE-2022-25050

rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：119 | 回复：0
CVE漏洞

CVE-2021-45864

tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：184 | 回复：0
CVE漏洞

CVE-2021-45863

tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：98 | 回复：0
CVE漏洞

CVE-2021-45861

There is an Assertion `num = INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：81 | 回复：0
CVE漏洞

CVE-2021-45860

An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-25012

Argus Surveillance DVR v4.0 employs weak password encryption.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：96 | 回复：0
CVE漏洞

CVE-2022-25010

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-24720

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations tha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-24255

Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：134 | 回复：0
CVE漏洞

CVE-2022-24254

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：118 | 回复：0
CVE漏洞

CVE-2022-24253

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-24252

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：100 | 回复：0
CVE漏洞

CVE-2022-24251

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-41652

Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：89 | 回复：0
CVE漏洞

CVE-2021-41282

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netsta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：88 | 回复：0