Vulnerabilities

Subcategories:

  • CVE-2022-20754
    Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 42 | Replies: 0
  • CVE-2022-20741
    A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote att ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 45 | Replies: 0
  • CVE-2022-20675
    A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 37 | Replies: 0
  • CVE-2022-20665
    A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 28 | Replies: 0
  • CVE-2022-26850
    When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 32 | Replies: 0
  • CVE-2022-24822
    Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a pod ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 28 | Replies: 0
  • CVE-2022-20784
    A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established w ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 30 | Replies: 0
  • CVE-2021-43138
    In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 29 | Replies: 0
  • CVE-2022-22410
    IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 31 | Replies: 0
  • CVE-2021-41026
    A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially craft ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 27 | Replies: 0
  • CVE-2021-32585
    An improper neutralization of input during web page generation vulnerability in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HT ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 32 | Replies: 0
  • CVE-2021-26116
    An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute una ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 32 | Replies: 0
  • CVE-2021-26113
    A use of a one-way hash with a predictable salt vulnerability in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 34 | Replies: 0
  • CVE-2021-26104
    Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 31 | Replies: 0
  • CVE-2021-22127
    An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 29 | Replies: 0
  • CVE-2022-27110
    OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 37 | Replies: 0
  • CVE-2022-27109
    OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 37 | Replies: 0
  • CVE-2022-27108
    OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint `symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 33 | Replies: 0
  • CVE-2022-27107
    OrangeHRM 4.10 is vulnerable to Stored XSS in the Share Video section under OrangeBuzz via the GET/POST createVideo parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 30 | Replies: 0
  • CVE-2022-24793
    PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 30 | Replies: 0
  • CVE-2022-24786
    PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, b ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 25 | Replies: 0
  • CVE-2022-1253
    Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 26 | Replies: 0
  • CVE-2022-1240
    Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 28 | Replies: 0
  • CVE-2022-23440
    A use of hard-coded cryptographic key vulnerability in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the co ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 27 | Replies: 0
  • CVE-2022-1238
    Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 30 | Replies: 0
  • CVE-2022-1237
    Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overfl ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 32 | Replies: 0
  • CVE-2021-44169
    A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative p ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 38 | Replies: 0
  • CVE-2021-43205
    An exposure of sensitive information to an unauthorized actor vulnerability in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 38 | Replies: 0
  • CVE-2021-32593
    A use of a broken or risky cryptographic algorithm vulnerability in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol com ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 46 | Replies: 0
  • CVE-2021-26114
    Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 42 | Replies: 0
  • CVE-2021-26112
    Multiple stack-based buffer overflow vulnerabilities both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 60 | Replies: 0
  • CVE-2021-24009
    Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary com ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 60 | Replies: 0
  • CVE-2022-23446
    A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access p ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 57 | Replies: 0
  • CVE-2022-23441
    A use of hard-coded cryptographic key vulnerability in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 58 | Replies: 0
  • CVE-2020-29013
    An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 54 | Replies: 0
  • CVE-2022-1234
    XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malici ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 72 | Replies: 0
  • CVE-2022-1248
    A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 47 | Replies: 0
  • CVE-2022-26110
    An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impers ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 44 | Replies: 0
  • CVE-2021-45104
    An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 40 | Replies: 0
  • CVE-2021-40375
    Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error mes ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 36 | Replies: 0