漏洞 - 第65页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-30290

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their reg ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1167 | 回复：0
CVE漏洞

CVE-2022-2304

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：657 | 回复：0
CVE漏洞

CVE-2022-26365

Linux disk/nic frontends data leaks T Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：461 | 回复：0
CVE漏洞

CVE-2022-30289

A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：627 | 回复：0
CVE漏洞

CVE-2021-43702

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the rou ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：819 | 回复：0
CVE漏洞

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data tha ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：548 | 回复：0
CVE漏洞

CVE-2022-2309

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlie ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：566 | 回复：0
CVE漏洞

CVE-2022-2306

Old session tokens can be used to authenticate to the application and send authenticated requests.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：632 | 回复：0
CVE漏洞

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a differe ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1234 | 回复：0
CVE漏洞

CVE-2022-34829

Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1022 | 回复：0
CVE漏洞

CVE-2022-31603

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：595 | 回复：0
CVE漏洞

CVE-2022-31602

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to c ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：906 | 回复：0
CVE漏洞

CVE-2022-31601

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of serv ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：962 | 回复：0
CVE漏洞

CVE-2022-31600

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：723 | 回复：0
CVE漏洞

CVE-2022-31599

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：569 | 回复：0
CVE漏洞

CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name valu ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1246 | 回复：0
CVE漏洞

CVE-2022-33171

** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplyi ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：584 | 回复：0
CVE漏洞

CVE-2022-2268

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：923 | 回复：0
CVE漏洞

CVE-2022-1967

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary tea ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：478 | 回复：0
CVE漏洞

CVE-2022-1946

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated user ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：482 | 回复：0
CVE漏洞

CVE-2022-1301

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：533 | 回复：0
CVE漏洞

CVE-2022-0250

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：539 | 回复：0
CVE漏洞

CVE-2021-25066

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilte ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：901 | 回复：0
CVE漏洞

CVE-2021-25056

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_ht ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：505 | 回复：0
CVE漏洞

CVE-2022-2301

Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：629 | 回复：0
CVE漏洞

CVE-2022-2300

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：538 | 回复：0
CVE漏洞

CVE-2022-29892

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：846 | 回复：0
CVE漏洞

CVE-2022-29513

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：512 | 回复：0
CVE漏洞

CVE-2022-29484

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：724 | 回复：0
CVE漏洞

CVE-2022-29471

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：534 | 回复：0
CVE漏洞

CVE-2022-29467

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：470 | 回复：0
CVE漏洞

CVE-2022-28718

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：475 | 回复：0
CVE漏洞

CVE-2022-28713

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：776 | 回复：0
CVE漏洞

CVE-2022-28692

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：625 | 回复：0
CVE漏洞

CVE-2022-27807

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：929 | 回复：0
CVE漏洞

CVE-2022-27803

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：535 | 回复：0
CVE漏洞

CVE-2022-27661

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：559 | 回复：0
CVE漏洞

CVE-2022-27627

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：562 | 回复：0
CVE漏洞

CVE-2022-26368

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：590 | 回复：0
CVE漏洞

CVE-2022-26054

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：529 | 回复：0