CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-30963

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2022-30964

Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2022-30965

Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scriptin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2022-30966

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting ( ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2022-30967

Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site sc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：14 | 回复：0
CVE-2022-30968

Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：15 | 回复：0
CVE-2022-30969

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an adm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：14 | 回复：0
CVE-2022-30970

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：15 | 回复：0
CVE-2022-30971

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：15 | 回复：0
CVE-2022-30972

A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses extern ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：14 | 回复：0
CVE-2020-4957

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：12 | 回复：0
CVE-2022-22484

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the brows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：21 | 回复：0
CVE-2022-24108

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：34 | 回复：0
CVE-2022-24856

FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general interne ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：20 | 回复：0
CVE-2022-30007

GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：17 | 回复：0
CVE-2022-30073

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2020-4994

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 19 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：15 | 回复：0
CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：21 | 回复：0
CVE-2021-38872

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-1116

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions pri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：27 | 回复：0
CVE-2022-1733

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：29 | 回复：0
CVE-2022-1769

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：30 | 回复：0
CVE-2022-22475

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：29 | 回复：0
CVE-2022-22482

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：30 | 回复：0
CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; vers ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：40 | 回复：0
CVE-2022-30067

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：39 | 回复：0
CVE-2022-30072

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：57 | 回复：0
CVE-2022-1706

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the I ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：60 | 回复：0
CVE-2022-22773

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：256 | 回复：0
CVE-2022-22775

The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Script ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：66 | 回复：0
CVE-2022-23669

A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released upd ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：44 | 回复：0
CVE-2022-23671

A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：43 | 回复：0
CVE-2022-23672

A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：34 | 回复：0
CVE-2022-23673

A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：28 | 回复：0
CVE-2022-23675

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：27 | 回复：0
CVE-2022-24611

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：23 | 回复：0
CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-1735

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：19 | 回复：0
CVE-2022-23674

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-24890

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were en ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0