漏洞 - 第62页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-25046

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：597 | 回复：0
CVE漏洞

CVE-2022-32567

The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：790 | 回复：0
CVE漏洞

CVE-2022-2342

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：807 | 回复：0
CVE漏洞

CVE-2022-2339

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：711 | 回复：0
CVE漏洞

CVE-2022-27549

HCL Launch may store certain data for recurring activities in a plain text format.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：585 | 回复：0
CVE漏洞

CVE-2022-27548

HCL Launch stores user credentials in plain clear text which can be read by a local user.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：544 | 回复：0
CVE漏洞

CVE-2022-20862

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：973 | 回复：0
CVE漏洞

CVE-2022-20859

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM amp; Presence Service (Unified CM IMamp;P), and Cisco U ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：955 | 回复：0
CVE漏洞

CVE-2022-20815

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communicatio ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1250 | 回复：0
CVE漏洞

CVE-2022-20813

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：496 | 回复：0
CVE漏洞

CVE-2022-20812

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：577 | 回复：0
CVE漏洞

CVE-2022-20808

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：529 | 回复：0
CVE漏洞

CVE-2022-20800

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unif ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：615 | 回复：0
CVE漏洞

CVE-2022-20791

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unifie ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：954 | 回复：0
CVE漏洞

CVE-2022-20768

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：672 | 回复：0
CVE漏洞

CVE-2022-20752

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauth ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：640 | 回复：0
CVE漏洞

CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting i ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：859 | 回复：0
CVE漏洞

CVE-2015-3173

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：728 | 回复：0
CVE漏洞

CVE-2015-3172

EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：521 | 回复：0
CVE漏洞

CVE-2014-8164

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：838 | 回复：0
CVE漏洞

CVE-2022-33047

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：512 | 回复：0
CVE漏洞

CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：664 | 回复：0
CVE漏洞

CVE-2022-2316

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1262 | 回复：0
CVE漏洞

CVE-2022-31131

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to m ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：541 | 回复：0
CVE漏洞

CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using stri ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：615 | 回复：0
CVE漏洞

CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail (https://next-auth.js.org/getting-started/rest-api#post-a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：515 | 回复：0
CVE漏洞

CVE-2022-31126

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：549 | 回复：0
CVE漏洞

CVE-2022-31125

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and ac ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：512 | 回复：0
CVE漏洞

CVE-2022-31124

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is dec ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：943 | 回复：0
CVE漏洞

CVE-2022-31111

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：531 | 回复：0
CVE漏洞

CVE-2022-34598

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：570 | 回复：0
CVE漏洞

CVE-2022-34597

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：599 | 回复：0
CVE漏洞

CVE-2022-34596

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：756 | 回复：0
CVE漏洞

CVE-2022-34595

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：521 | 回复：0
CVE漏洞

CVE-2022-26348

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：633 | 回复：0
CVE漏洞

CVE-2022-26078

Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：609 | 回复：0
CVE漏洞

CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：664 | 回复：0
CVE漏洞

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：688 | 回复：0
CVE漏洞

CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some tri ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：689 | 回复：0
CVE漏洞

CVE-2021-3696

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：474 | 回复：0