漏洞 - 第99页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-25266

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27254

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-27192

The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading adm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-25041

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user bef ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-20096

Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-20095

iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-20094

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-20093

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-24757

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-24731

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-24730

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-28278

A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-28277

A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-28276

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-28275

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-25609

Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-25608

Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-25223

Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-25222

Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-25221

Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visit the link in order to execute JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-24293

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-24292

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-24291

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-22952

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-22951

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-1030

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid te ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-0996

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-0981

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/contr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-0834

The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCus ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-0750

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-4219

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：58 | 回复：0