CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0957

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：66 | 回复：0
CVE-2022-24752

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：58 | 回复：0
CVE-2022-24756

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director = 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：72 | 回复：0
CVE-2022-0963

Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2022-0964

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：84 | 回复：0
CVE-2022-0965

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：102 | 回复：0
CVE-2022-0966

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：196 | 回复：0
CVE-2022-0967

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：94 | 回复：0
CVE-2022-0968

The microweber application allows large characters to insert in the input field fist last name which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：74 | 回复：0
CVE-2022-26779

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2020-4989

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：65 | 回复：0
CVE-2022-0778

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2022-0970

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：79 | 回复：0
CVE-2022-22771

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketpl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：75 | 回复：0
CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in thei ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：94 | 回复：0
CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：92 | 回复：0
CVE-2022-27197

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：85 | 回复：0
CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：99 | 回复：0
CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specif ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：130 | 回复：0
CVE-2022-27200

Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：219 | 回复：0
CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：158 | 回复：0
CVE-2022-27202

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a sto ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：151 | 回复：0
CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins cont ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：100 | 回复：0
CVE-2022-27204

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：90 | 回复：0
CVE-2022-27205

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：78 | 回复：0
CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：72 | 回复：0
CVE-2022-27207

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：67 | 回复：0
CVE-2022-27208

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：63 | 回复：0
CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：66 | 回复：0
CVE-2022-27210

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specif ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：68 | 回复：0
CVE-2022-27211

A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：64 | 回复：0
CVE-2022-27212

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：75 | 回复：0
CVE-2022-27213

Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：70 | 回复：0
CVE-2022-27214

A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：72 | 回复：0
CVE-2022-27215

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：87 | 回复：0
CVE-2022-27216

Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the J ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：83 | 回复：0
CVE-2022-27217

Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：86 | 回复：0
CVE-2022-27218

Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：72 | 回复：0
CVE-2022-25485

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2022-25486

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：89 | 回复：0