
Vulnerabilities

Subcategories:

  • CVE-2022-1445
    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2022-1444
    heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 19 | Replies: 0
  • CVE-2022-1427
    Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 25 | Replies: 0
  • CVE-2022-1108
    A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated pri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2022-1107
    During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2022-0636
    A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2022-0354
    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2022-0192
    A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-4212
    A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arb ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 18 | Replies: 0
  • CVE-2021-4211
    A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevat ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2021-4210
    A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privilege ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 21 | Replies: 0
  • CVE-2021-3972
    A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-3971
    A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with ele ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-3970
    A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute ar ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2021-3898
    Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being acces ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2021-3897
    An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2021-3849
    An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthentic ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 12 | Replies: 0
  • CVE-2021-3722
    A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 12 | Replies: 0
  • CVE-2021-3721
    A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 10 | Replies: 0
  • CVE-2022-27342
    Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 12 | Replies: 0
  • CVE-2022-27341
    JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2022-27340
    MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2022-1440
    Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line arg ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2022-29589
    Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2022-1439
    Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found worki ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2021-38946
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2021-38905
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
  • CVE-2021-38904
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2021-38903
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to injec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2021-38886
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-29824
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-20464
    IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2022-29583
    service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 28 | Replies: 0
  • CVE-2022-29582
    In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howev ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 34 | Replies: 0
  • CVE-2020-14123
    There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeate ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 28 | Replies: 0
  • CVE-2022-1437
    Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 22 | Replies: 0
  • CVE-2021-36203
    The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 27 | Replies: 0
  • CVE-2021-32929
    All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 34 | Replies: 0
  • CVE-2021-32927
    An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 33 | Replies: 0
  • CVE-2022-28074
    Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 31 | Replies: 0
