漏洞 - 第189页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-30332

Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：113 | 回复：0
CVE漏洞

CVE-2021-30331

Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdrag ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：160 | 回复：0
CVE漏洞

CVE-2021-30329

Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：172 | 回复：0
CVE漏洞

CVE-2021-30328

Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：134 | 回复：0
CVE漏洞

CVE-2021-1950

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：168 | 回复：0
CVE漏洞

CVE-2021-1942

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:10 | 阅读：209 | 回复：0
CVE漏洞

CVE-2021-27778

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：366 | 回复：0
CVE漏洞

CVE-2022-31015

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call sele ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：328 | 回复：0
CVE漏洞

CVE-2022-31013

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：337 | 回复：0
CVE漏洞

CVE-2022-1947

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：332 | 回复：0
CVE漏洞

CVE-2022-1893

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：286 | 回复：0
CVE漏洞

CVE-2022-1808

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：307 | 回复：0
CVE漏洞

CVE-2022-31011

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication reque ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：377 | 回复：0
CVE漏洞

CVE-2022-31007

eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system admi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：325 | 回复：0
CVE漏洞

CVE-2022-31005

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：323 | 回复：0
CVE漏洞

CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：305 | 回复：0
CVE漏洞

CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：232 | 回复：0
CVE漏洞

CVE-2022-31002

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This typ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：274 | 回复：0
CVE漏洞

CVE-2022-29258

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：253 | 回复：0
CVE漏洞

CVE-2022-29245

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the clientâ€™s private key is generated with `System.Random`. `System.Random` i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：301 | 回复：0
CVE漏洞

CVE-2022-29243

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：217 | 回复：0
CVE漏洞

CVE-2022-29220

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit cre ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：242 | 回复：0
CVE漏洞

CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：250 | 回复：0
CVE漏洞

CVE-2022-23082

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：292 | 回复：0
CVE漏洞

CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：324 | 回复：0
CVE漏洞

CVE-2022-1942

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：232 | 回复：0
CVE漏洞

CVE-2021-3555

A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：313 | 回复：0
CVE漏洞

CVE-2022-1926

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：229 | 回复：0
CVE漏洞

CVE-2022-1934

Use After Free in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：282 | 回复：0
CVE漏洞

CVE-2022-1931

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：250 | 回复：0
CVE漏洞

CVE-2022-1646

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：317 | 回复：0
CVE漏洞

CVE-2022-1645

The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even whe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：271 | 回复：0
CVE漏洞

CVE-2022-1644

The CallBook Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：248 | 回复：0
CVE漏洞

CVE-2022-1643

The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：204 | 回复：0
CVE漏洞

CVE-2022-1611

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：248 | 回复：0
CVE漏洞

CVE-2022-1589

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：264 | 回复：0
CVE漏洞

CVE-2022-1583

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to null when links to external sites are clicked, which may enable tabnabbing attacks to oc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：161 | 回复：0
CVE漏洞

CVE-2022-1582

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possibl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：160 | 回复：0
CVE漏洞

CVE-2022-1568

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：151 | 回复：0
CVE漏洞

CVE-2022-1566

The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_htm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：124 | 回复：0