漏洞 - 第51页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-31514

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：868 | 回复：0
CVE漏洞

CVE-2022-31513

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：665 | 回复：0
CVE漏洞

CVE-2022-31512

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：883 | 回复：0
CVE漏洞

CVE-2022-31511

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：542 | 回复：0
CVE漏洞

CVE-2022-31510

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：566 | 回复：0
CVE漏洞

CVE-2022-31509

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：487 | 回复：0
CVE漏洞

CVE-2022-31508

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：519 | 回复：0
CVE漏洞

CVE-2022-31507

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：600 | 回复：0
CVE漏洞

CVE-2022-31506

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：510 | 回复：0
CVE漏洞

CVE-2022-31505

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：635 | 回复：0
CVE漏洞

CVE-2022-31504

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：643 | 回复：0
CVE漏洞

CVE-2022-31503

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：1238 | 回复：0
CVE漏洞

CVE-2022-31502

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：758 | 回复：0
CVE漏洞

CVE-2022-31501

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：564 | 回复：0
CVE漏洞

CVE-2022-31472

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：538 | 回复：0
CVE漏洞

CVE-2022-30943

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：655 | 回复：0
CVE漏洞

CVE-2022-30602

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：780 | 回复：0
CVE漏洞

CVE-2022-29512

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：464 | 回复：0
CVE漏洞

CVE-2022-27168

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：578 | 回复：0
CVE漏洞

CVE-2022-2365

Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：618 | 回复：0
CVE漏洞

CVE-2022-27910

In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：732 | 回复：0
CVE漏洞

CVE-2022-2353

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：738 | 回复：0
CVE漏洞

CVE-2022-2345

Use After Free in GitHub repository vim/vim prior to 9.0.0046.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：586 | 回复：0
CVE漏洞

CVE-2022-35412

Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：652 | 回复：0
CVE漏洞

CVE-2022-31137

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remote ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：737 | 回复：0
CVE漏洞

CVE-2022-35411

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the serializer: pickle HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：627 | 回复：0
CVE漏洞

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application sta ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：700 | 回复：0
CVE漏洞

CVE-2022-2344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：608 | 回复：0
CVE漏洞

CVE-2022-35410

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：865 | 回复：0
CVE漏洞

CVE-2022-2343

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：588 | 回复：0
CVE漏洞

CVE-2022-22476

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 2256 ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：549 | 回复：0
CVE漏洞

CVE-2022-22465

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：512 | 回复：0
CVE漏洞

CVE-2022-22464

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：657 | 回复：0
CVE漏洞

CVE-2022-22463

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the at ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：581 | 回复：0
CVE漏洞

CVE-2022-22370

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：849 | 回复：0
CVE漏洞

CVE-2015-8819

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：593 | 回复：0
CVE漏洞

CVE-2015-7800

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：664 | 回复：0
CVE漏洞

CVE-2015-5597

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：713 | 回复：0
CVE漏洞

CVE-2015-5596

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：825 | 回复：0
CVE漏洞

CVE-2015-5328

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:11 | 阅读：568 | 回复：0