漏洞 - 第140页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-41945

Encode OSS httpx 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：120 | 回复：0
CVE漏洞

CVE-2022-29152

The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：113 | 回复：0
CVE漏洞

CVE-2022-24935

Lexmark products through 2022-02-10 have Incorrect Access Control.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：112 | 回复：0
CVE漏洞

CVE-2021-41921

novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：485 | 回复：0
CVE漏洞

CVE-2021-33436

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：124 | 回复：0
CVE漏洞

CVE-2022-29821

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：80 | 回复：0
CVE漏洞

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-29819

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-29818

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-29817

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-29816

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：77 | 回复：0
CVE漏洞

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-29813

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-29812

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-29811

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-1509

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-28719

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-29869

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-29859

component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-24891

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in E ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：99 | 回复：0
CVE漏洞

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will res ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：115 | 回复：0
CVE漏洞

CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：151 | 回复：0
CVE漏洞

CVE-2022-28197

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：188 | 回复：0
CVE漏洞

CVE-2022-28196

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：118 | 回复：0
CVE漏洞

CVE-2022-28195

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：135 | 回复：0
CVE漏洞

CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：262 | 回复：0
CVE漏洞

CVE-2022-28193

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：133 | 回复：0
CVE漏洞

CVE-2022-24372

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：144 | 回复：0
CVE漏洞

CVE-2022-22315

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：212 | 回复：0
CVE漏洞

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn ma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：144 | 回复：0
CVE漏洞

CVE-2022-22278

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacke ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-22277

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：77 | 回复：0
CVE漏洞

CVE-2022-22276

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-22275

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-1507

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-27336

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-22521

In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：90 | 回复：0