Vulnerabilities

Subcategories:

  • CVE-2022-1816
    A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 35 | Replies: 0
  • CVE-2022-1810
    Improper Access Control in GitHub repository publify/publify prior to 9.2.9.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 21 | Replies: 0
  • CVE-2022-29599
    In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 26 | Replies: 0
  • CVE-2022-28874
    Multiple Denial-of-Service vulnerabilities were discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflo ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 28 | Replies: 0
  • CVE-2022-1825
    Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 38 | Replies: 0
  • CVE-2021-42586
    A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 33 | Replies: 0
  • CVE-2021-42585
    A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 29 | Replies: 0
  • CVE-2022-1558
    The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 25 | Replies: 0
  • CVE-2022-1547
    The Check Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 26 | Replies: 0
  • CVE-2022-1320
    The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 30 | Replies: 0
  • CVE-2022-1298
    The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 24 | Replies: 0
  • CVE-2022-1268
    The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 22 | Replies: 0
  • CVE-2022-1221
    The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 25 | Replies: 0
  • CVE-2022-1218
    The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 25 | Replies: 0
  • CVE-2022-1192
    The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 25 | Replies: 0
  • CVE-2022-1093
    The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 21 | Replies: 0
  • CVE-2022-1014
    The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 18 | Replies: 0
  • CVE-2022-0781
    The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 18 | Replies: 0
  • CVE-2022-0346
    The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 17 | Replies: 0
  • CVE-2021-41834
    JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 16 | Replies: 0
  • CVE-2022-1813
    OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 15 | Replies: 0
  • CVE-2022-1809
    Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 10 | Replies: 0
  • CVE-2022-31268
    A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 7 | Replies: 0
  • CVE-2022-31267
    Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = #ad ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 7 | Replies: 0
  • CVE-2022-31264
    Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 7 | Replies: 0
  • CVE-2022-31259
    The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 7 | Replies: 0
  • CVE-2022-1752
    Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 6 | Replies: 0
  • CVE-2022-29222
    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wo ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29216
    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be use ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29215
    RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server cr ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29214
    NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29213
    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29212
    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when load ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29211
    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29210
    TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a v ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29209
    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29190
    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 co ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29189
    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-29188
    Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
  • CVE-2022-31258
    In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:37 | Views: 5 | Replies: 0
