漏洞 - 第203页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-28985

A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：95 | 回复：0
CVE漏洞

CVE-2022-28965

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-28964

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-21500

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network acce ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：49 | 回复：0
CVE漏洞

CVE-2020-4107

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-29652

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-29304

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-28962

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-28961

Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-28960

A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-28959

Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-28948

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-28946

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range mem ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-1423

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 bef ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-1413

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-32934

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE漏洞

CVE-2020-16235

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-16231

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-16209

A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-14496

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：14 | 回复：0
CVE漏洞

CVE-2022-29449

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin = 1.2.7 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：12 | 回复：0
CVE漏洞

CVE-2022-29446

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin = 1.1.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：11 | 回复：0
CVE漏洞

CVE-2022-28927

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE漏洞

CVE-2022-1796

Use After Free in GitHub repository vim/vim prior to 8.2.4979.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-4970

IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE漏洞

CVE-2022-22978

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2022-22976

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work facto ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-45730

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should onl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-37413

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-26631

Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-26630

Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2022-30018

Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this so ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2022-1730

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-41938

An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE漏洞

CVE-2022-1785

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE漏洞

CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-1670

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0