CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-34971

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：920 | 回复：0
CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：726 | 回复：0
CVE-2022-36880

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：861 | 回复：0
CVE-2022-27610

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenti ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：726 | 回复：0
CVE-2022-2310

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote atta ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1560 | 回复：0
CVE-2022-2313

A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1362 | 回复：0
CVE-2022-23099

OX App Suite through 7.10.6 allows XSS by forcing block-wise read.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：625 | 回复：0
CVE-2022-23100

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1085 | 回复：0
CVE-2022-23101

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1007 | 回复：0
CVE-2022-24405

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1454 | 回复：0
CVE-2022-24406

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：777 | 回复：0
CVE-2022-33970

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1505 | 回复：0
CVE-2022-34529

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：650 | 回复：0
CVE-2022-34549

Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands v ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：656 | 回复：0
CVE-2022-34550

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a c ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：727 | 回复：0
CVE-2022-34551

Sims v1.0 was discovered to allow path traversal when downloading attachments.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：702 | 回复：0
CVE-2022-35291

Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consum ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：647 | 回复：0
CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：747 | 回复：0
CVE-2022-2550

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：675 | 回复：0
CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：741 | 回复：0
CVE-2022-36882

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to caus ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：693 | 回复：0
CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：827 | 回复：0
CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：644 | 回复：0
CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistica ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1184 | 回复：0
CVE-2022-36886

A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1535 | 回复：0
CVE-2022-36887

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configura ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：719 | 回复：0
CVE-2022-36888

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：725 | 回复：0
CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permissi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：643 | 回复：0
CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for th ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：900 | 回复：0
CVE-2022-36891

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1609 | 回复：0
CVE-2022-36892

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：676 | 回复：0
CVE-2022-36893

Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：676 | 回复：0
CVE-2022-36894

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：979 | 回复：0
CVE-2022-36895

A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and cred ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：708 | 回复：0
CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：732 | 回复：0
CVE-2022-36897

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：766 | 回复：0
CVE-2022-36898

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and cred ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：726 | 回复：0
CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java syst ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1049 | 回复：0
CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：796 | 回复：0
CVE-2022-36901

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the J ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1089 | 回复：0