CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1611

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：252 | 回复：0
CVE-2022-1643

The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：210 | 回复：0
CVE-2022-1644

The CallBook Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：262 | 回复：0
CVE-2022-1645

The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even whe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：273 | 回复：0
CVE-2022-1646

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：320 | 回复：0
CVE-2022-1931

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：252 | 回复：0
CVE-2022-1934

Use After Free in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：285 | 回复：0
CVE-2022-1926

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：230 | 回复：0
CVE-2021-3555

A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：314 | 回复：0
CVE-2022-1942

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：235 | 回复：0
CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：327 | 回复：0
CVE-2022-23082

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：298 | 回复：0
CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：255 | 回复：0
CVE-2022-29220

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit cre ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：246 | 回复：0
CVE-2022-29243

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：222 | 回复：0
CVE-2022-29245

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the clientâ€™s private key is generated with `System.Random`. `System.Random` i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：303 | 回复：0
CVE-2022-29258

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：256 | 回复：0
CVE-2022-31002

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This typ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：277 | 回复：0
CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：238 | 回复：0
CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：307 | 回复：0
CVE-2022-31005

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：327 | 回复：0
CVE-2022-31007

eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system admi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：328 | 回复：0
CVE-2022-31011

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication reque ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：381 | 回复：0
CVE-2022-1808

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：310 | 回复：0
CVE-2022-1893

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：288 | 回复：0
CVE-2022-1947

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：340 | 回复：0
CVE-2022-31013

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：340 | 回复：0
CVE-2022-31015

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call sele ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：329 | 回复：0
CVE-2021-27778

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:39 | 阅读：368 | 回复：0
CVE-2022-1218

The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-1221

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-1268

The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2022-1298

The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：24 | 回复：0
CVE-2022-1320

The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：30 | 回复：0
CVE-2022-1547

The Check Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：26 | 回复：0
CVE-2022-1558

The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：26 | 回复：0
CVE-2021-42585

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：29 | 回复：0
CVE-2021-42586

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：33 | 回复：0
CVE-2022-1825

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：38 | 回复：0
CVE-2022-28874

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0