漏洞 - 第141页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-22345

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-22323

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Sy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-22312

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Sy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-38939

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-38919

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-38878

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-38874

IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-38869

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-34602

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：90 | 回复：0
CVE漏洞

CVE-2021-34601

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：110 | 回复：0
CVE漏洞

CVE-2021-34592

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：197 | 回复：0
CVE漏洞

CVE-2021-34591

In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：108 | 回复：0
CVE漏洞

CVE-2021-34590

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escap ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：73 | 回复：0
CVE漏洞

CVE-2021-34589

In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-34588

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：72 | 回复：0
CVE漏洞

CVE-2021-34587

In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-29776

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-29505

Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：126 | 回复：0
CVE漏洞

CVE-2022-24889

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling reco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：66 | 回复：0
CVE漏洞

CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders tha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-28464

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-27905

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-24887

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the met ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-24886

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextclo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-24885

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-46424

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-46423

Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-46422

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-1504

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-46442

In the webupg binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters autoupgrade.asp, and perform functions such as downloading configuration files and updating firmware w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-46441

In the webupg binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use cmd parameters to execute arbitrary system commands after obtaining authorization.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-46421

Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-46420

Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-1503

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-29701

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-29700

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-28085

A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-27332

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a D ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：30 | 回复：0