CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22932

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：60 | 回复：0
CVE-2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：63 | 回复：0
CVE-2021-44120

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：52 | 回复：0
CVE-2021-44122

SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a vi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：32 | 回复：0
CVE-2021-44123

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：29 | 回复：0
CVE-2022-0359

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：33 | 回复：0
CVE-2022-0203

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：17 | 回复：0
CVE-2022-0361

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：19 | 回复：0
CVE-2022-0362

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：19 | 回复：0
CVE-2021-22570

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting erro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2021-22600

A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：17 | 回复：0
CVE-2021-45975

In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-43334

BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-44692

BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2021-46117

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2022-0378

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：16 | 回复：0
CVE-2022-0379

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：15 | 回复：0
CVE-2022-22851

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-46115

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-46116

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-46118

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-46383

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The att ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-46386

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2021-29838

IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-29845

IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-29846

IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-46561

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2022-0368

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：13 | 回复：0
CVE-2021-46114

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：15 | 回复：0
CVE-2021-46385

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：14 | 回复：0
CVE-2022-22850

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：11 | 回复：0
CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：19 | 回复：0
CVE-2022-23993

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST in a PHP echo call, causing XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：25 | 回复：0
CVE-2022-21686

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy la ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：39 | 回复：0
CVE-2022-22852

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：34 | 回复：0
CVE-2021-32840

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：37 | 回复：0
CVE-2021-32842

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：31 | 回复：0
CVE-2022-23967

In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：26 | 回复：0
CVE-2021-32841

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：53 | 回复：0
CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workaroun ...……

作者：菜鸟教程小白 | 时间：2022-6-23 07:51 | 阅读：41 | 回复：0