漏洞 - 第181页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-27463

Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-27462

Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-0602

Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-41752

Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-41751

Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-30080

An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-28428

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-27117

An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-27116

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-28847

Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-23349

An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.W ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-19229

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-1243

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-41245

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-26361

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-26360

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-26359

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-26358

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-26357

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-38834

easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-1236

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-1235

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-25154

A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-23909

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a C:\Program Files\Sherpa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-1213

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-1212

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-26615

A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Prof ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-26281

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-25356

Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-45893

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-45892

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-45891

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-44109

A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：15 | 回复：0