
Vulnerabilities

Subcategories:

  • CVE-2022-0923
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 196 | Replies: 0
  • CVE-2022-0343
    A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is reco ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 81 | Replies: 0
  • CVE-2021-44081
    A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 74 | Replies: 0
  • CVE-2021-43701
    CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS and orderby parameters.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 60 | Replies: 0
  • CVE-2022-1055
    A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 80 | Replies: 0
  • CVE-2021-22572
    On Unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the system temporary directory with world re ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 58 | Replies: 0
  • CVE-2022-28160
    Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 58 | Replies: 0
  • CVE-2022-28159
    Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 59 | Replies: 0
  • CVE-2022-28158
    A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 58 | Replies: 0
  • CVE-2022-28157
    Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP ser ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 57 | Replies: 0
  • CVE-2022-28156
    Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 48 | Replies: 0
  • CVE-2022-28155
    Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 47 | Replies: 0
  • CVE-2022-28154
    Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 51 | Replies: 0
  • CVE-2022-28153
    Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Confi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 76 | Replies: 0
  • CVE-2022-28152
    A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 67 | Replies: 0
  • CVE-2022-28151
    A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 85 | Replies: 0
  • CVE-2022-28150
    A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 71 | Replies: 0
  • CVE-2022-28149
    Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 80 | Replies: 0
  • CVE-2022-28148
    The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 87 | Replies: 0
  • CVE-2022-28147
    A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified fil ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 93 | Replies: 0
  • CVE-2022-28146
    Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 96 | Replies: 0
  • CVE-2022-28145
    Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploita ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 124 | Replies: 0
  • CVE-2022-28144
    Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 142 | Replies: 0
  • CVE-2022-28143
    A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password ( ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 184 | Replies: 0
  • CVE-2022-28142
    Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 112 | Replies: 0
  • CVE-2022-28141
    Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the J ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 130 | Replies: 0
  • CVE-2022-28140
    Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 98 | Replies: 0
  • CVE-2022-28139
    A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified crede ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 89 | Replies: 0
  • CVE-2022-28138
    A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 91 | Replies: 0
  • CVE-2022-28137
    A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-s ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 81 | Replies: 0
  • CVE-2022-28136
    A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specifi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 78 | Replies: 0
  • CVE-2022-28135
    Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins cont ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 72 | Replies: 0
  • CVE-2022-28134
    Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 81 | Replies: 0
  • CVE-2022-28133
    Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 76 | Replies: 0
  • CVE-2022-23903
    A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think =5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 85 | Replies: 0
  • CVE-2022-23901
    A stack overflow exists in re2c 2.2 due to infinite recursion issues in src/dfa/dead_rules.cc.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 77 | Replies: 0
  • CVE-2022-23059
    A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload an SVG file containing malicious JavaS ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 83 | Replies: 0
  • CVE-2022-1032
    Insecure deserialization of an unvalidated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 75 | Replies: 0
  • CVE-2021-46743
    In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attack ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 67 | Replies: 0
  • CVE-2022-1087
    A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persiste ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 72 | Replies: 0
