Vulnerabilities

Subcategories:

  • CVE-2021-40904
    The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remot ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 33 | Replies: 0
  • CVE-2022-24784
    Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression fil ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 45 | Replies: 0
  • CVE-2022-24783
    Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 34 | Replies: 0
  • CVE-2021-44683
    The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by trickin ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 38 | Replies: 0
  • CVE-2022-26659
    Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 39 | Replies: 0
  • CVE-2022-26197
    Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 37 | Replies: 0
  • CVE-2022-25523
    TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 30 | Replies: 0
  • CVE-2022-24643
    A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 33 | Replies: 0
  • CVE-2021-44905
    Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 39 | Replies: 0
  • CVE-2022-27920
    libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 48 | Replies: 0
  • CVE-2022-27919
    Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administrat ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 36 | Replies: 0
  • CVE-2022-27906
    Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can up ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 36 | Replies: 0
  • CVE-2022-27887
    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 37 | Replies: 0
  • CVE-2022-27886
    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 36 | Replies: 0
  • CVE-2022-27885
    Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 54 | Replies: 0
  • CVE-2022-27884
    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 48 | Replies: 0
  • CVE-2022-26573
    Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 48 | Replies: 0
  • CVE-2022-25612
    Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code vi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 66 | Replies: 0
  • CVE-2022-25611
    Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable paramet ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 81 | Replies: 0
  • CVE-2022-25610
    Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exp ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 127 | Replies: 0
  • CVE-2022-25606
    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters download_path, download_path_url, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 102 | Replies: 0
  • CVE-2022-25590
    SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the applicatio ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 74 | Replies: 0
  • CVE-2022-1049
    A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 69 | Replies: 0
  • CVE-2022-0995
    An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 87 | Replies: 0
  • CVE-2022-0988
    Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 112 | Replies: 0
  • CVE-2022-0983
    An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 211 | Replies: 0
  • CVE-2022-0897
    A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 342 | Replies: 0
  • CVE-2022-0759
    A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not confi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 157 | Replies: 0
  • CVE-2022-0500
    A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 75 | Replies: 0
  • CVE-2022-0494
    A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMI ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 83 | Replies: 0
  • CVE-2022-0435
    A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 62 | Replies: 0
  • CVE-2022-0330
    A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the sys ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 54 | Replies: 0
  • CVE-2022-0322
    A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 46 | Replies: 0
  • CVE-2021-4203
    A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 36 | Replies: 0
  • CVE-2021-4202
    A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 50 | Replies: 0
  • CVE-2021-4157
    An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 33 | Replies: 0
  • CVE-2021-4147
    A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 40 | Replies: 0
  • CVE-2021-44768
    Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 44 | Replies: 0
  • CVE-2021-44477
    GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2021-44462
    This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of u ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 40 | Replies: 0
