CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26325

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：79 | 回复：0
CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：156 | 回复：0
CVE-2022-28613

A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：103 | 回复：0
CVE-2021-36844

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin = 1.2.12 on WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：60 | 回复：0
CVE-2021-41810

Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：61 | 回复：0
CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：64 | 回复：0
CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another exi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：53 | 回复：0
CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：76 | 回复：0
CVE-2022-24897

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：53 | 回复：0
CVE-2020-23617

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：62 | 回复：0
CVE-2020-23618

A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：41 | 回复：0
CVE-2020-23620

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：53 | 回复：0
CVE-2020-23621

The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow att ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：39 | 回复：0
CVE-2021-42528

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achiev ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：46 | 回复：0
CVE-2021-42529

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：60 | 回复：0
CVE-2021-42530

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：67 | 回复：0
CVE-2021-42531

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：118 | 回复：0
CVE-2021-42532

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：135 | 回复：0
CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：171 | 回复：0
CVE-2022-24974

Links may not be rewritten according to policy in some specially formatted emails.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：133 | 回复：0
CVE-2022-28118

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：85 | 回复：0
CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：71 | 回复：0
CVE-2022-20627

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：62 | 回复：0
CVE-2022-20628

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：63 | 回复：0
CVE-2022-20629

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：57 | 回复：0
CVE-2022-20715

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：58 | 回复：0
CVE-2022-20729

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：60 | 回复：0
CVE-2022-20730

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：49 | 回复：0
CVE-2022-20737

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：59 | 回复：0
CVE-2022-20740

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：75 | 回复：0
CVE-2022-20742

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：60 | 回复：0
CVE-2022-20743

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：63 | 回复：0
CVE-2022-20744

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：72 | 回复：0
CVE-2022-20745

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauth ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：64 | 回复：0
CVE-2022-20746

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：58 | 回复：0
CVE-2022-20748

A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：40 | 回复：0
CVE-2022-20751

A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：47 | 回复：0
CVE-2022-20757

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：59 | 回复：0
CVE-2022-20759

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：72 | 回复：0
CVE-2022-20760

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：81 | 回复：0