漏洞 - 第184页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1105

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipelin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-1100

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-1099

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of Gi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-0740

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-36851

Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-36826

Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions = 2.4.13.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-33010

An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-33008

AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-32994

Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：117 | 回复：0
CVE漏洞

CVE-2021-32982

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can obse ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-32981

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent dire ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an exist ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-32977

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-26572

Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-24814

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html int ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-24813

CreateWiki is Miraheze's MediaWiki extension for requesting creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-24801

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed sev ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-24787

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-0990

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-43464

A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-28062

An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-1170

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-1169

There is a XSS vulnerability in Careerfy.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-1168

There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-1167

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-1166

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data suc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-1165

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-1164

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：101 | 回复：0
CVE漏洞

CVE-2022-0958

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：124 | 回复：0
CVE漏洞

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in brows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：166 | 回复：0
CVE漏洞

CVE-2022-0887

The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：72 | 回复：0
CVE漏洞

CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：63 | 回复：0