漏洞 - 第166页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-26151

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-44520

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-1330

stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-0436

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read pe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-29051

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-29050

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-29049

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-29048

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-29046

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-29045

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a store ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-29044

Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site script ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-29043

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-29041

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cros ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-29040

Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-29039

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-29038

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-29036

Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-27419

rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-27418

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-27416

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-27387

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-27386

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-27385

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via speci ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-27384

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL state ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-27383

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-27382

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-27381

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-27380

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-27379

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statemen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-27378

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-27377

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-27376

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-0915

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-24842

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where an non-admin user is able to create service accounts for root or othe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-24767

GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：22 | 回复：0