漏洞 - 第173页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1193

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private proje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-1157

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-1067

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-0835

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-ht ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-4047

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：85 | 回复：0
CVE漏洞

CVE-2021-46742

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：78 | 回复：0
CVE漏洞

CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-40065

The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-38125

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the depl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-36910

Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) = 4.3.20.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-36896

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions = 1.5.2……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-36893

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) = 4.0.5……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-36848

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions = 2.0.4……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-36846

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) = 2.8.3……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-22055

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：75 | 回复：0
CVE漏洞

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：99 | 回复：0
CVE漏洞

CVE-2021-43442

A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：123 | 回复：0
CVE漏洞

CVE-2021-39068

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：114 | 回复：0
CVE漏洞

CVE-2021-38930

IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：76 | 回复：0
CVE漏洞

CVE-2021-38929

IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-37293

A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-37292

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-37291

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：85 | 回复：0
CVE漏洞

CVE-2022-27115

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-40219

Bolt CMS = 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code executio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-27156

Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-27111

Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-1023

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-1008

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-1007

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-1006

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-0989

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-0969

The Image optimization Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its Lazyload background images for selectors settings, which could allow high privilege users s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-0949

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-0920

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer&#3 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-0919

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：51 | 回复：0