漏洞 - 第75页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-23896

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-41690

DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific reques ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：75 | 回复：0
CVE漏洞

CVE-2021-41689

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-41688

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incu ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-41687

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb progra ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-41460

ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-40944

In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of serv ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-40943

In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-40609

The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-40608

The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-40607

The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-40606

The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-0624

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：48 | 回复：0
CVE漏洞

CVE-2017-20107

A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local acce ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：49 | 回复：0
CVE漏洞

CVE-2017-20106

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：50 | 回复：0
CVE漏洞

CVE-2017-20105

A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：43 | 回复：0
CVE漏洞

CVE-2017-20104

A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-34134

Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-34133

Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-34132

Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-31104

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lower ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-33009

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-32995

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-32994

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-31101

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is f ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-31099

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expr ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-33879

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the Standa ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-33007

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-31100

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contain ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-31098

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-31096

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere t ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` qu ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-31092

Pimcore is an Open Source Data Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results ba ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-31091

Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` opt ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：54 | 回复：0
CVE漏洞

CVE-2017-20103

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/o ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-33116

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-33005

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload i ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：51 | 回复：0