漏洞 - 第240页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1544

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:31 | 阅读：132 | 回复：0
CVE漏洞

CVE-2022-32159

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：280 | 回复：0
CVE漏洞

CVE-2022-23081

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：289 | 回复：0
CVE漏洞

CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：294 | 回复：0
CVE漏洞

CVE-2022-32549

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：342 | 回复：0
CVE漏洞

CVE-2022-20651

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：348 | 回复：0
CVE漏洞

CVE-2022-23079

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：347 | 回复：0
CVE漏洞

CVE-2022-2174

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：321 | 回复：0
CVE漏洞

CVE-2022-23078

In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：295 | 回复：0
CVE漏洞

CVE-2022-23077

In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：310 | 回复：0
CVE漏洞

CVE-2022-31248

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Mana ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：314 | 回复：0
CVE漏洞

CVE-2022-21952

An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to D ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：311 | 回复：0
CVE漏洞

CVE-2022-23055

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：268 | 回复：0
CVE漏洞

CVE-2022-23058

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：280 | 回复：0
CVE漏洞

CVE-2022-23057

In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：251 | 回复：0
CVE漏洞

CVE-2022-23056

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：246 | 回复：0
CVE漏洞

CVE-2017-20084

A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Addre ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：264 | 回复：0
CVE漏洞

CVE-2017-20083

A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：274 | 回复：0
CVE漏洞

CVE-2017-20082

A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：290 | 回复：0
CVE漏洞

CVE-2022-31095

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：305 | 回复：0
CVE漏洞

CVE-2021-40511

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：223 | 回复：0
CVE漏洞

CVE-2021-40510

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：227 | 回复：0
CVE漏洞

CVE-2021-36761

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：234 | 回复：0
CVE漏洞

CVE-2021-39006

IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：280 | 回复：0
CVE漏洞

CVE-2022-34008

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：258 | 回复：0
CVE漏洞

CVE-2022-33995

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：262 | 回复：0
CVE漏洞

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：248 | 回复：0
CVE漏洞

CVE-2022-32973

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：301 | 回复：0
CVE漏洞

CVE-2022-31786

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：202 | 回复：0
CVE漏洞

CVE-2022-30874

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：258 | 回复：0
CVE漏洞

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command inje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：513 | 回复：0
CVE漏洞

CVE-2022-27872

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：232 | 回复：0
CVE漏洞

CVE-2022-27871

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulner ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：181 | 回复：0
CVE漏洞

CVE-2022-27870

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：176 | 回复：0
CVE漏洞

CVE-2022-27869

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：165 | 回复：0
CVE漏洞

CVE-2022-27868

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：180 | 回复：0
CVE漏洞

CVE-2022-27867

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：174 | 回复：0
CVE漏洞

CVE-2022-26147

The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：190 | 回复：0
CVE漏洞

CVE-2022-23171

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：201 | 回复：0
CVE漏洞

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the cachin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：167 | 回复：0