漏洞 - 第164页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-27458

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-27456

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-27452

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-27451

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-27449

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-27448

There is an Assertion failure in MariaDB Server v10.9 and below via 'node-pcur-rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-27447

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-27446

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-27445

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-27444

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-26507

** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in ATT Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-43633

Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-43290

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename bu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-43289

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL Test Connection feat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-43287

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-1351

Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-1279

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-1350

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-43154

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-24845

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `iface.returns_int128()` is not validated to fall within the bounds of `int128`. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-24843

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of par ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-24844

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-24816

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-27479

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-24788

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-1347

Stored XSS in the Username Email input fields leads to account takeover of Admin Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-1345

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-0023

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically craf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-41119

Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-27847

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider = 2.0.0 on WordPress allows attackers to import templates.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-27846

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider = 2.0.0 on WordPress allows attackers to create or modify slider.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-27524

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27523

A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0