漏洞 - 第252页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-32299

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：12 | 回复：0
CVE漏洞

CVE-2022-32158

Splunk Enterprise deployment servers in versions before 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal For ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE漏洞

CVE-2022-32157

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configur ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-32156

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by def ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-32155

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-32154

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasse ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-32153

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by defa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-32152

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by defa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-32101

kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-1342

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-42732

Access of Memory Location After End of Buffer (CWE-788)……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-40940

Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-40727

Access of Memory Location After End of Buffer (CWE-788……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-39820

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-29453

Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin = 1.2.1 at WordPress leading to Google Maps API key update.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-29442

Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress = 2.1.10 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-29441

Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin = 2.1.10 at WordPress allows attackers to send messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-29440

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin = 3.3.4 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-29439

Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin = 1.1.2 at WordPress allows deleting slides.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-29438

Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin = 1.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-29437

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin = 1.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-22444

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-41672

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the executi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-40910

There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE漏洞

CVE-2019-4575

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operatin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-33036

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-29406

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin = 1.6.9 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-27859

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin = 2.0 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-20233

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-20210

The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-20209

In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional executio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-20208

In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges neede ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-20207

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-20206

In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-20204

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-20202

In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no ad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-20201

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges need ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0