漏洞 - 第85页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-29301

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 ins ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-29299

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 ins ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：78 | 回复：0
CVE漏洞

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value bi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：82 | 回复：0
CVE漏洞

CVE-2022-22967

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still r ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：72 | 回复：0
CVE漏洞

CVE-2021-46824

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：85 | 回复：0
CVE漏洞

CVE-2021-41432

A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：88 | 回复：0
CVE漏洞

CVE-2021-40956

LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-40955

SQL injection exists in LaiKetui v3.5.0 the background administrator list.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：86 | 回复：0
CVE漏洞

CVE-2021-40954

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：94 | 回复：0
CVE漏洞

CVE-2021-29055

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：102 | 回复：0
CVE漏洞

CVE-2021-26638

Improper Authentication vulnerability in SD smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：111 | 回复：0
CVE漏洞

CVE-2021-26637

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：110 | 回复：0
CVE漏洞

CVE-2021-26636

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：124 | 回复：0
CVE漏洞

CVE-2022-2175

Buffer Over-read in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data witho ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：309 | 回复：0
CVE漏洞

CVE-2022-31009

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：143 | 回复：0
CVE漏洞

CVE-2017-20091

A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to ini ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：151 | 回复：0
CVE漏洞

CVE-2017-20090

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：176 | 回复：0
CVE漏洞

CVE-2017-20089

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The atta ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：224 | 回复：0
CVE漏洞

CVE-2017-20088

A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：222 | 回复：0
CVE漏洞

CVE-2017-20087

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to b ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：237 | 回复：0
CVE漏洞

CVE-2017-20086

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack r ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：705 | 回复：0
CVE漏洞

CVE-2017-20085

A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The a ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：341 | 回复：0
CVE漏洞

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：400 | 回复：0
CVE漏洞

CVE-2022-24802

deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecord ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：420 | 回复：0
CVE漏洞

CVE-2022-27966

Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：514 | 回复：0
CVE漏洞

CVE-2022-27965

Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：437 | 回复：0
CVE漏洞

CVE-2022-27964

Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：529 | 回复：0
CVE漏洞

CVE-2022-27963

Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：441 | 回复：0
CVE漏洞

CVE-2022-27052

FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：454 | 回复：0
CVE漏洞

CVE-2022-27050

BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：482 | 回复：0
CVE漏洞

CVE-2022-27049

Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：546 | 回复：0
CVE漏洞

CVE-2022-24798

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` obje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：874 | 回复：0
CVE漏洞

CVE-2022-24797

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak pot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：563 | 回复：0
CVE漏洞

CVE-2022-24796

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：462 | 回复：0
CVE漏洞

CVE-2022-24794

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authR ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：490 | 回复：0
CVE漏洞

CVE-2022-24791

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interrup ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：474 | 回复：0
CVE漏洞

CVE-2022-24758

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：455 | 回复：0
CVE漏洞

CVE-2021-46439

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation show……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：409 | 回复：0
CVE漏洞

CVE-2022-26546

Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：400 | 回复：0