漏洞 - 第226页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1629

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-1621

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-29591

Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-28110

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-43094

An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition =2.11 and Platform Standalone Edition =2.4.0 via GET requests on arbitrary parameters in patient.page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-42645

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the File parameter to upload a PHP payload to get a reverse shell from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-24042

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-24041

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-24040

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-24039

A vulnerability has been identified in Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versions V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-42581

** DISPUTED ** Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-41545

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-23705

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-23704

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Ou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-43712

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-30335

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：91 | 回复：0
CVE漏洞

CVE-2022-29868

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Pa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：66 | 回复：0
CVE漏洞

CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-30240

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-29971

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-29933

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP head ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-27412

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-27308

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-28162

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh pas ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img-width' and 'img-height' they are large enough to cause an integer overflow. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-22481

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：81 | 回复：0
CVE漏洞

CVE-2022-22319

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：81 | 回复：0
CVE漏洞

CVE-2022-1338

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：113 | 回复：0
CVE漏洞

CVE-2022-1303

The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：184 | 回复：0
CVE漏洞

CVE-2022-1171

The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：116 | 回复：0
CVE漏洞

CVE-2022-1104

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scriptin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：68 | 回复：0
CVE漏洞

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：51 | 回复：0