CVE Vulnerabilities

  • CVE-2016-1239
    duck before 0.10 did not properly handle loading of untrusted code from the current directory.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 13 | Replies: 0
  • CVE-2022-0690
    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 16 | Replies: 0
  • CVE-2021-46700
    In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 15 | Replies: 0
  • CVE-2022-0685
    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 17 | Replies: 0
  • CVE-2021-45007
    ** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 14 | Replies: 0
  • CVE-2022-0686
    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2022-0688
    Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 12 | Replies: 0
  • CVE-2021-45081
    An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 17 | Replies: 0
  • CVE-2021-45083
    An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privile ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2022-22126
    Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openm ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 12 | Replies: 0
  • CVE-2022-23053
    Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: na ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2022-23054
    Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2022-23848
    In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2022-25372
    Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2022-25375
    An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2021-46701
    PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's now playing sta ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2022-25297
    This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2022-0691
    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2021-24867
    Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are af ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2021-24921
    The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25055
    The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the visibility parameter.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2021-25057
    The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2021-25058
    The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2021-25060
    The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX ac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25069
    The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25075
    The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25082
    The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, sin ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25099
    The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX ac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25100
    The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-25101
    The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Ref ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2021-4208
    The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by h ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2022-0134
    The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF atta ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2022-0164
    The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 9 | Replies: 0
  • CVE-2022-0186
    The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to pe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 8 | Replies: 0
  • CVE-2022-0199
    The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary email ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 8 | Replies: 0
  • CVE-2022-0211
    The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 7 | Replies: 0
  • CVE-2022-0228
    The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow hi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 6 | Replies: 0
  • CVE-2022-0234
    The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and aut ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 6 | Replies: 0
  • CVE-2022-0252
    The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 7 | Replies: 0
  • CVE-2022-0255
    The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
