• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2022-34971
    CVE-2022-34971
    An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:920 | 回复:0
  • CVE-2022-36879
    CVE-2022-36879
    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:726 | 回复:0
  • CVE-2022-36880
    CVE-2022-36880
    The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:861 | 回复:0
  • CVE-2022-27610
    CVE-2022-27610
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenti ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:726 | 回复:0
  • CVE-2022-2310
    CVE-2022-2310
    An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote atta ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1560 | 回复:0
  • CVE-2022-2313
    CVE-2022-2313
    A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1362 | 回复:0
  • CVE-2022-23099
    CVE-2022-23099
    OX App Suite through 7.10.6 allows XSS by forcing block-wise read.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:625 | 回复:0
  • CVE-2022-23100
    CVE-2022-23100
    OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1085 | 回复:0
  • CVE-2022-23101
    CVE-2022-23101
    OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1007 | 回复:0
  • CVE-2022-24405
    CVE-2022-24405
    OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1454 | 回复:0
  • CVE-2022-24406
    CVE-2022-24406
    OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:777 | 回复:0
  • CVE-2022-33970
    CVE-2022-33970
    Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1505 | 回复:0
  • CVE-2022-34529
    CVE-2022-34529
    WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:650 | 回复:0
  • CVE-2022-34549
    CVE-2022-34549
    Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands v ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:656 | 回复:0
  • CVE-2022-34550
    CVE-2022-34550
    Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a c ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:727 | 回复:0
  • CVE-2022-34551
    CVE-2022-34551
    Sims v1.0 was discovered to allow path traversal when downloading attachments.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:702 | 回复:0
  • CVE-2022-35291
    CVE-2022-35291
    Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consum ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:647 | 回复:0
  • CVE-2022-2549
    CVE-2022-2549
    NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:747 | 回复:0
  • CVE-2022-2550
    CVE-2022-2550
    OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:675 | 回复:0
  • CVE-2022-36881
    CVE-2022-36881
    Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:741 | 回复:0
  • CVE-2022-36882
    CVE-2022-36882
    A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to caus ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:693 | 回复:0
  • CVE-2022-36883
    CVE-2022-36883
    A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:827 | 回复:0
  • CVE-2022-36884
    CVE-2022-36884
    The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:644 | 回复:0
  • CVE-2022-36885
    CVE-2022-36885
    Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistica ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1184 | 回复:0
  • CVE-2022-36886
    CVE-2022-36886
    A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1535 | 回复:0
  • CVE-2022-36887
    CVE-2022-36887
    A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configura ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:719 | 回复:0
  • CVE-2022-36888
    CVE-2022-36888
    A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:725 | 回复:0
  • CVE-2022-36889
    CVE-2022-36889
    Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permissi ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:643 | 回复:0
  • CVE-2022-36890
    CVE-2022-36890
    Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for th ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:900 | 回复:0
  • CVE-2022-36891
    CVE-2022-36891
    A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1609 | 回复:0
  • CVE-2022-36892
    CVE-2022-36892
    Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:676 | 回复:0
  • CVE-2022-36893
    CVE-2022-36893
    Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:676 | 回复:0
  • CVE-2022-36894
    CVE-2022-36894
    An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:979 | 回复:0
  • CVE-2022-36895
    CVE-2022-36895
    A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and cred ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:708 | 回复:0
  • CVE-2022-36896
    CVE-2022-36896
    A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:732 | 回复:0
  • CVE-2022-36897
    CVE-2022-36897
    A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations a ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:766 | 回复:0
  • CVE-2022-36898
    CVE-2022-36898
    A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and cred ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:726 | 回复:0
  • CVE-2022-36899
    CVE-2022-36899
    Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java syst ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1049 | 回复:0
  • CVE-2022-36900
    CVE-2022-36900
    Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:796 | 回复:0
  • CVE-2022-36901
    CVE-2022-36901
    Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the J ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:19 | 阅读:1089 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap