
Vulnerabilities

Subcategories:

  • CVE-2022-20788
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection cou ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 32 | Replies: 0
  • CVE-2022-20787
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authen ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 31 | Replies: 0
  • CVE-2022-20786
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 28 | Replies: 0
  • CVE-2022-20783
    A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a d ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 31 | Replies: 0
  • CVE-2022-20778
    A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 24 | Replies: 0
  • CVE-2022-20773
    A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 25 | Replies: 0
  • CVE-2022-20732
    A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate priv ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 25 | Replies: 0
  • CVE-2021-43708
    The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 30 | Replies: 0
  • CVE-2021-35229
    Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 21 | Replies: 0
  • CVE-2021-23055
    On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 20 | Replies: 0
  • CVE-2022-24875
    The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This h ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 23 | Replies: 0
  • CVE-2020-14122
    Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 26 | Replies: 0
  • CVE-2020-14121
    A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perf ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 26 | Replies: 0
  • CVE-2020-14120
    Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can indu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 31 | Replies: 0
  • CVE-2020-14118
    An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automati ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 30 | Replies: 0
  • CVE-2020-14117
    A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attack ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 30 | Replies: 0
  • CVE-2020-14116
    An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operati ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 27 | Replies: 0
  • CVE-2022-24870
    Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a s ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 27 | Replies: 0
  • CVE-2022-24869
    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 31 | Replies: 0
  • CVE-2022-24868
    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of saniti ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 46 | Replies: 0
  • CVE-2022-24867
    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 61 | Replies: 0
  • CVE-2022-22436
    IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 60 | Replies: 0
  • CVE-2022-22435
    IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 58 | Replies: 0
  • CVE-2022-0272
    Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 72 | Replies: 0
  • CVE-2021-41162
    Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 57 | Replies: 0
  • CVE-2021-41161
    Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 62 | Replies: 0
  • CVE-2022-1022
    Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 66 | Replies: 0
  • CVE-2022-24272
    An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. Thi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 39 | Replies: 0
  • CVE-2022-1420
    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 34 | Replies: 0
  • CVE-2022-29498
    Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 35 | Replies: 0
  • CVE-2022-27237
    There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemL ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 39 | Replies: 0
  • CVE-2016-20014
    In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 39 | Replies: 0
  • CVE-2022-29548
    A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 40 | Replies: 0
  • CVE-2022-29547
    The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user bein ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 26 | Replies: 0
  • CVE-2022-27926
    A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 25 | Replies: 0
  • CVE-2022-27925
    Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to up ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 35 | Replies: 0
  • CVE-2022-27924
    Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 26 | Replies: 0
  • CVE-2022-29537
    gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 23 | Replies: 0
  • CVE-2022-29536
    In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 22 | Replies: 0
  • CVE-2022-29534
    An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an Accept: application/json header.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 24 | Replies: 0
