CVE Vulnerabilities

  • CVE-2022-2406
    The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing lar ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 607 | Replies: 0
  • CVE-2022-2408
    The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 682 | Replies: 0
  • CVE-2022-31142
    @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attac ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 814 | Replies: 0
  • CVE-2021-26382
    An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP), irrespective of the respective signing key being declared as usable for auth ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 866 | Replies: 0
  • CVE-2021-26384
    A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 637 | Replies: 0
  • CVE-2021-4135
    A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being cal ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1162 | Replies: 0
  • CVE-2022-23825
    Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 872 | Replies: 0
  • CVE-2022-31147
    The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) whe ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 684 | Replies: 0
  • CVE-2022-31156
    Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptograph ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1129 | Replies: 0
  • CVE-2022-32297
    Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1022 | Replies: 0
  • CVE-2022-32298
    Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 686 | Replies: 0
  • CVE-2022-32317
    The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 606 | Replies: 0
  • CVE-2022-32318
    Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 589 | Replies: 0
  • CVE-2022-32323
    AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 792 | Replies: 0
  • CVE-2022-32389
    Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1511 | Replies: 0
  • CVE-2022-32406
    GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 694 | Replies: 0
  • CVE-2022-32409
    A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP reque ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1050 | Replies: 0
  • CVE-2022-32415
    Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_productid=.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 680 | Replies: 0
  • CVE-2022-32416
    Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 616 | Replies: 0
  • CVE-2022-32417
    PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1242 | Replies: 0
  • CVE-2022-32425
    The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 791 | Replies: 0
  • CVE-2022-34092
    Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 755 | Replies: 0
  • CVE-2022-34093
    Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1102 | Replies: 0
  • CVE-2022-34094
    Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 666 | Replies: 0
  • CVE-2022-2418
    A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1526 | Replies: 0
  • CVE-2022-2419
    A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestric ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 577 | Replies: 0
  • CVE-2022-2420
    A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted uplo ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 506 | Replies: 0
  • CVE-2022-1881
    In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1388 | Replies: 0
  • CVE-2022-29890
    In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1222 | Replies: 0
  • CVE-2020-35261
    Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 617 | Replies: 0
  • CVE-2020-36550
    Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 632 | Replies: 0
  • CVE-2020-36551
    Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 634 | Replies: 0
  • CVE-2020-36552
    Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 560 | Replies: 0
  • CVE-2020-36553
    Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1041 | Replies: 0
  • CVE-2021-36461
    An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1453 | Replies: 0
  • CVE-2022-30242
    Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 646 | Replies: 0
  • CVE-2022-30243
    Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A use ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1210 | Replies: 0
  • CVE-2022-30244
    Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verif ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1142 | Replies: 0
  • CVE-2022-30245
    Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user wit ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 1013 | Replies: 0
  • CVE-2022-31097
    Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:15 | Views: 563 | Replies: 0
