CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0523

Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：80 | 回复：0
CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：120 | 回复：0
CVE-2022-21713

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：216 | 回复：0
CVE-2022-0524

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：107 | 回复：0
CVE-2022-23626

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload func ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：100 | 回复：0
CVE-2021-45329

Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：83 | 回复：0
CVE-2021-45919

Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：67 | 回复：0
CVE-2022-23627

ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn&#3 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：65 | 回复：0
CVE-2022-24676

update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：94 | 回复：0
CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：74 | 回复：0
CVE-2022-0525

Out-of-bounds Read in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：77 | 回复：0
CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：167 | 回复：0
CVE-2022-0526

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：83 | 回复：0
CVE-2022-0527

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：86 | 回复：0
CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：76 | 回复：0
CVE-2021-37852

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：59 | 回复：0
CVE-2022-0536

Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：65 | 回复：0
CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests per ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：60 | 回复：0
CVE-2021-40837

A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：56 | 回复：0
CVE-2022-23378

A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The items%5B0%5D%5Bpath%5D parameter of a request made to /admin/allergens/edit/1 is vulnerable.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：85 | 回复：0
CVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter Addr in cmd site. The ability to send requests to oth ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：83 | 回复：0
CVE-2021-46360

Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-command ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：87 | 回复：0
CVE-2022-0538

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：118 | 回复：0
CVE-2022-0539

Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：119 | 回复：0
CVE-2021-3813

Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：187 | 回复：0
CVE-2021-20002

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：116 | 回复：0
CVE-2021-20003

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：115 | 回复：0
CVE-2021-20004

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：113 | 回复：0
CVE-2021-20005

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：107 | 回复：0
CVE-2021-20006

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：76 | 回复：0
CVE-2021-20007

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：73 | 回复：0
CVE-2021-20008

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：61 | 回复：0
CVE-2021-20009

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：65 | 回复：0
CVE-2021-20010

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：74 | 回复：0
CVE-2021-20011

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：53 | 回复：0
CVE-2021-20012

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：41 | 回复：0
CVE-2021-20013

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：63 | 回复：0
CVE-2021-20014

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：55 | 回复：0
CVE-2021-20015

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：56 | 回复：0
CVE-2021-37185

A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：50 | 回复：0