请选择 进入手机版 | 继续访问电脑版
  • 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

漏洞

RSS

下级分类:

  • CVE-2022-38772
    CVE-2022-38772
    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make dat ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:37 | 阅读:348 | 回复:0
  • CVE-2022-36553
    CVE-2022-36553
    Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:37 | 阅读:342 | 回复:0
  • CVE-2022-37177
    CVE-2022-37177
    ** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:716 | 回复:0
  • CVE-2022-32993
    CVE-2022-32993
    TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:309 | 回复:0
  • CVE-2022-21385
    CVE-2022-21385
    A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S: ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:297 | 回复:0
  • CVE-2021-38934
    CVE-2021-38934
    IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:282 | 回复:0
  • CVE-2020-26938
    CVE-2020-26938
    In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (+:) be ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:312 | 回复:0
  • CVE-2022-3035
    CVE-2022-3035
    Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:300 | 回复:0
  • CVE-2022-36037
    CVE-2022-36037
    kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execut ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:36 | 阅读:320 | 回复:0
  • CVE-2022-36036
    CVE-2022-36036
    mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with a ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:313 | 回复:0
  • CVE-2022-2599
    CVE-2022-2599
    The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:835 | 回复:0
  • CVE-2022-2559
    CVE-2022-2559
    The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exp ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:313 | 回复:0
  • CVE-2022-2556
    CVE-2022-2556
    The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:340 | 回复:0
  • CVE-2022-2538
    CVE-2022-2538
    The WP Hide Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:336 | 回复:0
  • CVE-2022-2537
    CVE-2022-2537
    The WooCommerce PDF Invoices Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflect ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:326 | 回复:0
  • CVE-2022-2638
    CVE-2022-2638
    The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:35 | 阅读:349 | 回复:0
  • CVE-2022-2374
    CVE-2022-2374
    The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Sc ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:328 | 回复:0
  • CVE-2022-2373
    CVE-2022-2373
    The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:347 | 回复:0
  • CVE-2022-2267
    CVE-2022-2267
    The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal ne ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:508 | 回复:0
  • CVE-2022-2080
    CVE-2022-2080
    The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbi ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:420 | 回复:0
  • CVE-2022-1663
    CVE-2022-1663
    The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the va ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:382 | 回复:0
  • CVE-2022-2261
    CVE-2022-2261
    The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:372 | 回复:0
  • CVE-2022-2034
    CVE-2022-2034
    The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:34 | 阅读:378 | 回复:0
  • CVE-2022-36034
    CVE-2022-36034
    nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are cu ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:313 | 回复:0
  • CVE-2022-36033
    CVE-2022-36033
    jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:551 | 回复:0
  • CVE-2022-27558
    CVE-2022-27558
    HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading t ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:342 | 回复:0
  • CVE-2022-27547
    CVE-2022-27547
    HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, cred ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:391 | 回复:0
  • CVE-2022-36200
    CVE-2022-36200
    In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:331 | 回复:0
  • CVE-2022-1123
    CVE-2022-1123
    The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high priv ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:362 | 回复:0
  • CVE-2022-27546
    CVE-2022-27546
    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploi ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:33 | 阅读:390 | 回复:0
  • CVE-2022-35962
    CVE-2022-35962
    Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:32 | 阅读:323 | 回复:0
  • CVE-2022-31677
    CVE-2022-31677
    An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use thei ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:32 | 阅读:378 | 回复:0
  • CVE-2022-2961
    CVE-2022-2961
    A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:32 | 阅读:355 | 回复:0
  • CVE-2022-2953
    CVE-2022-2953
    LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from so ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:32 | 阅读:385 | 回复:0
  • CVE-2022-1204
    CVE-2022-1204
    A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:32 | 阅读:356 | 回复:0
  • CVE-2022-1199
    CVE-2022-1199
    A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-afte ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:32 | 阅读:394 | 回复:0
  • CVE-2022-1198
    CVE-2022-1198
    A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:31 | 阅读:320 | 回复:0
  • CVE-2022-1117
    CVE-2022-1117
    A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:31 | 阅读:340 | 回复:0
  • CVE-2022-1115
    CVE-2022-1115
    A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file ...……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:31 | 阅读:308 | 回复:0
  • CVE-2022-1024
    CVE-2022-1024
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    作者:菜鸟教程小白 | 时间:2022-9-18 10:31 | 阅读:523 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
    热门话题
    阅读排行榜

    扫描微信二维码

    查看手机版网站

    随时了解更新最新资讯

    139-2527-9053

    在线客服(服务时间 9:00~18:00)

    在线QQ客服
    地址:深圳市南山区西丽大学城创智工业园
    电邮:jeky_zhao#qq.com
    移动电话:139-2527-9053

    Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap