
Vulnerabilities

Subcategories:

  • CVE-2021-37839
    Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 493 | Replies: 0
  • CVE-2021-31679
    An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 662 | Replies: 0
  • CVE-2021-31678
    An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 637 | Replies: 0
  • CVE-2021-31677
    An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 1188 | Replies: 0
  • CVE-2021-31676
    A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 842 | Replies: 0
  • CVE-2022-32386
    Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 724 | Replies: 0
  • CVE-2022-32385
    Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote).……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 657 | Replies: 0
  • CVE-2022-32383
    Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 456 | Replies: 0
  • CVE-2022-32290
    The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 689 | Replies: 0
  • CVE-2022-30591
    ** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs b ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 1430 | Replies: 0
  • CVE-2022-35230
    An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the v ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 717 | Replies: 0
  • CVE-2022-35229
    An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of th ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 471 | Replies: 0
  • CVE-2022-32533
    ** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configurati ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 449 | Replies: 0
  • CVE-2021-46687
    JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactor ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 556 | Replies: 0
  • CVE-2021-45721
    JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFro ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 1023 | Replies: 0
  • CVE-2021-23163
    JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory version ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 520 | Replies: 0
  • CVE-2022-22681
    Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 879 | Replies: 0
  • CVE-2022-34972
    So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=ext ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 752 | Replies: 0
  • CVE-2022-32413
    An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 665 | Replies: 0
  • CVE-2022-32311
    Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 787 | Replies: 0
  • CVE-2022-32310
    An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 683 | Replies: 0
  • CVE-2022-31856
    Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 1128 | Replies: 0
  • CVE-2022-2321
    Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 1156 | Replies: 0
  • CVE-2022-33075
    A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 689 | Replies: 0
  • CVE-2022-31117
    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause th ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 451 | Replies: 0
  • CVE-2022-31116
    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped su ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 543 | Replies: 0
  • CVE-2022-31014
    Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backen ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 573 | Replies: 0
  • CVE-2021-44915
    Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 445 | Replies: 0
  • CVE-2022-34879
    Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affec ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 661 | Replies: 0
  • CVE-2022-34878
    SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the compl ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 493 | Replies: 0
  • CVE-2022-34877
    SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, al ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 583 | Replies: 0
  • CVE-2022-34876
    SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 452 | Replies: 0
  • CVE-2022-31770
    IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 497 | Replies: 0
  • CVE-2022-31836
    The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 533 | Replies: 0
  • CVE-2021-43116
    An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malic ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 797 | Replies: 0
  • CVE-2022-33744
    Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely w ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 526 | Replies: 0
  • CVE-2022-33743
    network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retaine ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 538 | Replies: 0
  • CVE-2022-33742
    Linux disk/nic frontends data leaks T Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 492 | Replies: 0
  • CVE-2022-33741
    Linux disk/nic frontends data leaks T Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 609 | Replies: 0
  • CVE-2022-33740
    Linux disk/nic frontends data leaks T Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Date: 2022-7-8 08:05 | Views: 2034 | Replies: 0
