漏洞 - 第137页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-24719

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：105 | 回复：0
CVE漏洞

CVE-2022-24718

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：117 | 回复：0
CVE漏洞

CVE-2022-24717

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redire ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：130 | 回复：0
CVE漏洞

CVE-2022-22300

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：152 | 回复：0
CVE漏洞

CVE-2021-43077

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：216 | 回复：0
CVE漏洞

CVE-2021-43075

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, ver ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：154 | 回复：0
CVE漏洞

CVE-2021-41193

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of servi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：149 | 回复：0
CVE漏洞

CVE-2021-32586

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interprete ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：131 | 回复：0
CVE漏洞

CVE-2020-15936

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：132 | 回复：0
CVE漏洞

CVE-2021-36171

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whol ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：146 | 回复：0
CVE漏洞

CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：149 | 回复：0
CVE漏洞

CVE-2022-23387

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：171 | 回复：0
CVE漏洞

CVE-2022-22321

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：179 | 回复：0
CVE漏洞

CVE-2021-38986

IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：206 | 回复：0
CVE漏洞

CVE-2021-38955

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：190 | 回复：0
CVE漏洞

CVE-2020-4925

A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：171 | 回复：0
CVE漏洞

CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：151 | 回复：0
CVE漏洞

CVE-2021-44238

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：142 | 回复：0
CVE漏洞

CVE-2022-23380

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=adminid=2ctrl=edit.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：167 | 回复：0
CVE漏洞

CVE-2022-23377

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：182 | 回复：0
CVE漏洞

CVE-2021-44747

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：162 | 回复：0
CVE漏洞

CVE-2022-0777

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：205 | 回复：0
CVE漏洞

CVE-2022-0776

Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：242 | 回复：0
CVE漏洞

CVE-2021-4039

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：277 | 回复：0
CVE漏洞

CVE-2021-35036

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：255 | 回复：0
CVE漏洞

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：302 | 回复：0
CVE漏洞

CVE-2021-42001

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：303 | 回复：0
CVE漏洞

CVE-2021-41994

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：305 | 回复：0
CVE漏洞

CVE-2021-41993

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：280 | 回复：0
CVE漏洞

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：240 | 回复：0
CVE漏洞

CVE-2022-28323

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：296 | 回复：0
CVE漏洞

CVE-2022-29265

Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Ent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：297 | 回复：0
CVE漏洞

CVE-2022-29967

static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：279 | 回复：0
CVE漏洞

CVE-2022-29947

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：229 | 回复：0
CVE漏洞

CVE-2022-28198

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：264 | 回复：0
CVE漏洞

CVE-2022-29945

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：240 | 回复：0
CVE漏洞

CVE-2022-25854

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：229 | 回复：0
CVE漏洞

CVE-2022-1543

Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. Tha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：180 | 回复：0
CVE漏洞

CVE-2022-29937

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 deco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：197 | 回复：0
CVE漏洞

CVE-2022-29936

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Orac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：217 | 回复：0