CVE Vulnerabilities

  • CVE-2022-31038
    Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly display ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 10 | Replies: 0
  • CVE-2022-31813
    Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 13 | Replies: 0
  • CVE-2022-24876
    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 14 | Replies: 0
  • CVE-2022-29224
    Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 12 | Replies: 0
  • CVE-2022-30898
    A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 12 | Replies: 0
  • CVE-2022-29225
    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 12 | Replies: 0
  • CVE-2022-29226
    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 15 | Replies: 0
  • CVE-2022-29227
    Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-29228
    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an A ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 16 | Replies: 0
  • CVE-2022-29250
    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add ex ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 20 | Replies: 0
  • CVE-2022-31033
    The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 24 | Replies: 0
  • CVE-2022-31051
    semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidental ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 31 | Replies: 0
  • CVE-2022-21499
    KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 33 | Replies: 0
  • CVE-2022-30702
    Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 40 | Replies: 0
  • CVE-2022-30703
    Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 79 | Replies: 0
  • CVE-2022-31045
    Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 98 | Replies: 0
  • CVE-2017-20018
    A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 186 | Replies: 0
  • CVE-2017-20019
    A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 91 | Replies: 0
  • CVE-2017-20020
    A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site r ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 60 | Replies: 0
  • CVE-2017-20021
    A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escal ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 36 | Replies: 0
  • CVE-2017-20022
    A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 39 | Replies: 0
  • CVE-2017-20023
    A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privil ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 26 | Replies: 0
  • CVE-2017-20024
    A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 26 | Replies: 0
  • CVE-2017-20025
    A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipul ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 28 | Replies: 0
  • CVE-2017-20026
    A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflecte ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 29 | Replies: 0
  • CVE-2017-20027
    A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack ma ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 21 | Replies: 0
  • CVE-2017-20028
    A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 24 | Replies: 0
  • CVE-2022-31042
    Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 18 | Replies: 0
  • CVE-2022-31043
    Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds wi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 20 | Replies: 0
  • CVE-2017-20029
    A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation lead ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 20 | Replies: 0
  • CVE-2017-20030
    A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sq ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 18 | Replies: 0
  • CVE-2017-20031
    A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input pass ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 19 | Replies: 0
  • CVE-2017-20032
    A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 17 | Replies: 0
  • CVE-2017-20033
    A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\;scri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2017-20034
    A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 14 | Replies: 0
  • CVE-2017-20035
    A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 18 | Replies: 0
  • CVE-2017-20036
    A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cros ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 18 | Replies: 0
  • CVE-2021-42811
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying syste ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 20 | Replies: 0
  • CVE-2022-32563
    An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sy ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 31 | Replies: 0
  • CVE-2021-44117
    A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 16 | Replies: 0
