漏洞 - 第74页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-25238

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not install ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:53 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-24444

Silverstripe silverstripe/framework through 4.10 allows Session Fixation.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:53 | 阅读：94 | 回复：0
CVE漏洞

CVE-2021-41559

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:53 | 阅读：102 | 回复：0
CVE漏洞

CVE-2020-19897

A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:53 | 阅读：102 | 回复：0
CVE漏洞

CVE-2020-19896

File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:53 | 阅读：105 | 回复：0
CVE漏洞

CVE-2022-31886

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:53 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-31885

Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：106 | 回复：0
CVE漏洞

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：136 | 回复：0
CVE漏洞

CVE-2022-2246

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：131 | 回复：0
CVE漏洞

CVE-2022-2231

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：187 | 回复：0
CVE漏洞

CVE-2021-3435

Information leakage in le_ecred_conn_req(). Zephyr versions = v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：134 | 回复：0
CVE漏洞

CVE-2021-3434

Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions = v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：110 | 回复：0
CVE漏洞

CVE-2021-3433

Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions = v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproj ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:52 | 阅读：96 | 回复：0
CVE漏洞

CVE-2021-3432

Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisorie ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：89 | 回复：0
CVE漏洞

CVE-2021-3431

Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions = v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adviso ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：92 | 回复：0
CVE漏洞

CVE-2021-3430

Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions = v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/securit ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-31230

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full sys ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：81 | 回复：0
CVE漏洞

CVE-2022-31229

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive inf ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：73 | 回复：0
CVE漏洞

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary ` ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：82 | 回复：0
CVE漏洞

CVE-2022-31106

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An atta ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:51 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-31068

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inv ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：75 | 回复：0
CVE漏洞

CVE-2022-31061

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Pr ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：77 | 回复：0
CVE漏洞

CVE-2022-2145

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：75 | 回复：0
CVE漏洞

CVE-2022-28621

A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：69 | 回复：0
CVE漏洞

CVE-2022-33108

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：72 | 回复：0
CVE漏洞

CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse proce ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:50 | 阅读：73 | 回复：0
CVE漏洞

CVE-2022-0987

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and kn ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：77 | 回复：0
CVE漏洞

CVE-2021-40553

piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-3779

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-0085

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-30563

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：66 | 回复：0
CVE漏洞

CVE-2022-30562

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-30561

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-30560

When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:49 | 阅读：69 | 回复：0
CVE漏洞

CVE-2022-23763

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access craft ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-34750

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larg ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-30997

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuratio ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：73 | 回复：0
CVE漏洞

CVE-2022-30707

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-29519

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products an ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：61 | 回复：0