CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2016-20014

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：42 | 回复：0
CVE-2022-27237

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemL ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：42 | 回复：0
CVE-2022-29498

Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：38 | 回复：0
CVE-2022-1420

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：37 | 回复：0
CVE-2022-24272

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. Thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：42 | 回复：0
CVE-2022-1022

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：70 | 回复：0
CVE-2021-41161

Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：65 | 回复：0
CVE-2021-41162

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：60 | 回复：0
CVE-2022-0272

Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：75 | 回复：0
CVE-2022-22435

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：61 | 回复：0
CVE-2022-22436

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：63 | 回复：0
CVE-2022-24867

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：64 | 回复：0
CVE-2022-24868

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of saniti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：49 | 回复：0
CVE-2022-24869

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：34 | 回复：0
CVE-2022-24870

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：30 | 回复：0
CVE-2020-14116

An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：30 | 回复：0
CVE-2020-14117

A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：33 | 回复：0
CVE-2020-14118

An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：33 | 回复：0
CVE-2020-14120

Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can indu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：36 | 回复：0
CVE-2020-14121

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：29 | 回复：0
CVE-2020-14122

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：29 | 回复：0
CVE-2022-24875

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This h ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：26 | 回复：0
CVE-2021-23055

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：23 | 回复：0
CVE-2021-35229

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：24 | 回复：0
CVE-2021-43708

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：33 | 回复：0
CVE-2022-20732

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：28 | 回复：0
CVE-2022-20773

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：28 | 回复：0
CVE-2022-20778

A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：27 | 回复：0
CVE-2022-20783

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：34 | 回复：0
CVE-2022-20786

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM amp; Presence Service (Unified CM IMamp;P) could allow an authenticated, remote attacker to conduct SQL ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：31 | 回复：0
CVE-2022-20787

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：34 | 回复：0
CVE-2022-20788

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection cou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：35 | 回复：0
CVE-2022-20789

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：36 | 回复：0
CVE-2022-20790

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：31 | 回复：0
CVE-2022-20795

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：39 | 回复：0
CVE-2022-20804

A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：38 | 回复：0
CVE-2022-20805

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering polici ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：39 | 回复：0
CVE-2022-22969

Issue Description Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：50 | 回复：0
CVE-2022-23711

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the healt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：45 | 回复：0
CVE-2022-28743

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with admini ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:16 | 阅读：42 | 回复：0