漏洞 - 第165页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-27506

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-27505

Reflected cross site scripting (XSS)……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-27503

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-25797

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：66 | 回复：0
CVE漏洞

CVE-2022-25795

A maliciously crafted PDF file can be used to dereference for a write beyond the allocated buffer while parsing PDFTron files. The vulnerability exists because the application fails to handle a crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to uni ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 CVE-2022-22958). A malicious actor with administrative access c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 CVE-2022-22958). A malicious actor with administrative access c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-1346

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitiv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-1344

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-1337

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-1333

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-1332

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-1280

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-1246

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1280. Reason: This candidate is a reservation duplicate of CVE-2022-1280. Notes: All CVE users should reference CVE-2022-1280 instea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SC ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-42136

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by stor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-22794

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：73 | 回复：0
CVE漏洞

CVE-2019-6834

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE漏洞

CVE-2015-20107

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into ap ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-28052

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-46167

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-27256

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-26643

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-26144

An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.ph ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-43741

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：87 | 回复：0
CVE漏洞

CVE-2022-24308

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：150 | 回复：0
CVE漏洞

CVE-2021-43742

CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：279 | 回复：0
CVE漏洞

CVE-2020-29653

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：116 | 回复：0
CVE漏洞

CVE-2022-27475

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-1339

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-29156

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-22279

** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-26589

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：49 | 回复：0