漏洞 - 第69页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Git ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：835 | 回复：0
CVE漏洞

CVE-2022-2281

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group mil ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：800 | 回复：0
CVE漏洞

CVE-2022-2254

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：590 | 回复：0
CVE漏洞

CVE-2022-2250

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary l ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：862 | 回复：0
CVE漏洞

CVE-2022-2244

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：927 | 回复：0
CVE漏洞

CVE-2022-2243

An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：836 | 回复：0
CVE漏洞

CVE-2022-2235

Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cros ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：845 | 回复：0
CVE漏洞

CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an at ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：527 | 回复：0
CVE漏洞

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：517 | 回复：0
CVE漏洞

CVE-2022-2185

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：520 | 回复：0
CVE漏洞

CVE-2022-1983

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：502 | 回复：0
CVE漏洞

CVE-2022-2253

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：606 | 回复：0
CVE漏洞

CVE-2014-3650

Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with sp ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：746 | 回复：0
CVE漏洞

CVE-2014-3648

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：716 | 回复：0
CVE漏洞

CVE-2022-2282

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：424 | 回复：0
CVE漏洞

CVE-2022-33103

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：738 | 回复：0
CVE漏洞

CVE-2022-33099

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：517 | 回复：0
CVE漏洞

CVE-2022-2264

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：712 | 回复：0
CVE漏洞

CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：323 | 回复：0
CVE漏洞

CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：365 | 回复：0
CVE漏洞

CVE-2022-2279

NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：429 | 回复：0
CVE漏洞

CVE-2022-2274

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：610 | 回复：0
CVE漏洞

CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：675 | 回复：0
CVE漏洞

CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：537 | 回复：0
CVE漏洞

CVE-2022-2279

NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：772 | 回复：0
CVE漏洞

CVE-2022-2274

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：708 | 回复：0
CVE漏洞

CVE-2022-32988

Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the *list parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every .asp page containing a list of stored stri ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：601 | 回复：0
CVE漏洞

CVE-2022-32295

On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：561 | 回复：0
CVE漏洞

CVE-2022-27904

The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：566 | 回复：0
CVE漏洞

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：540 | 回复：0
CVE漏洞

CVE-2022-33087

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：514 | 回复：0
CVE漏洞

CVE-2022-33085

ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：570 | 回复：0
CVE漏洞

CVE-2022-33082

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：547 | 回复：0
CVE漏洞

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-rub ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：524 | 回复：0
CVE漏洞

CVE-2022-2257

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：557 | 回复：0
CVE漏洞

CVE-2014-0156

Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, att ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：510 | 回复：0
CVE漏洞

CVE-2014-0068

It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：508 | 回复：0
CVE漏洞

CVE-2013-7253

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：516 | 回复：0
CVE漏洞

CVE-2013-6498

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：465 | 回复：0
CVE漏洞

CVE-2013-6471

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：495 | 回复：0