漏洞 - 第211页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-30011

In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-29588

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-29587

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-29586

Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-30779

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-30778

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-30770

Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-30767

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-30763

Janet before 1.22.0 mishandles arrays.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-30765

Calibre-Web before 0.6.18 allows user table SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-30049

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-28930

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-28937

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and process ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-28936

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message pac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-28929

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-41965

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-1379

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-24831

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatena ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-24830

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, le ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-25862

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulne ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-22282

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Cont ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-22281

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the ho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-21190

This affects the package convict before 6.2.3. This is a bypass of (https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The (https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Ope ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-22393

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTP ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-22325

IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-1715

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-29433

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin = 1.8 on WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2022-22252

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-33013

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-33009

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-33005

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-27505

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：5 | 回复：0
CVE漏洞

CVE-2022-30417

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0