CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-25060

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：21 | 回复：0
CVE-2022-25061

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：20 | 回复：0
CVE-2022-25062

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted H ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：23 | 回复：0
CVE-2022-25064

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：21 | 回复：0
CVE-2022-25259

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：20 | 回复：0
CVE-2022-25260

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：19 | 回复：0
CVE-2022-25261

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：21 | 回复：0
CVE-2022-25262

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：20 | 回复：0
CVE-2022-25263

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：22 | 回复：0
CVE-2022-25264

In JetBrains TeamCity before 2021.2.3, environment variables of the password type could be logged in some cases.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：20 | 回复：0
CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：16 | 回复：0
CVE-2022-21706

Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Serve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：15 | 回复：0
CVE-2022-25094

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter cover in SystemSettings.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：15 | 回复：0
CVE-2022-25095

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：15 | 回复：0
CVE-2022-25096

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：15 | 回复：0
CVE-2021-46702

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：13 | 回复：0
CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2022-25359

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2022-0762

Business Logic Errors in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2022-0763

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：10 | 回复：0
CVE-2022-0723

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2022-0764

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：12 | 回复：0
CVE-2020-27958

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：10 | 回复：0
CVE-2022-26146

Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：11 | 回复：0
CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an ad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：11 | 回复：0
CVE-2022-22908

SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：11 | 回复：0
CVE-2021-3967

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：11 | 回复：0
CVE-2021-21708

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：13 | 回复：0
CVE-2022-0772

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：18 | 回复：0
CVE-2021-43945

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：17 | 回复：0
CVE-2022-26159

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：18 | 回复：0
CVE-2020-36510

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：26 | 回复：0
CVE-2021-24688

The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：28 | 回复：0
CVE-2021-24689

The Contact Forms - Drag Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：28 | 回复：0
CVE-2021-24704

In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in admin/orange-form-email.php performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：29 | 回复：0
CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：30 | 回复：0
CVE-2021-24803

The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：32 | 回复：0
CVE-2021-24820

The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions 1.5, and Admin+ in versions = 1.6) to perform path traversal and local PHP file inclusion on Wind ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:32 | 阅读：37 | 回复：0