• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2022-31157
    CVE-2022-31157
    LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographicall ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:577 | 回复:0
  • CVE-2022-31158
    CVE-2022-31158
    LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:603 | 回复:0
  • CVE-2022-31159
    CVE-2022-31159
    The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of th ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1477 | 回复:0
  • CVE-2021-34986
    CVE-2021-34986
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1140 | 回复:0
  • CVE-2021-34987
    CVE-2021-34987
    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged cod ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:880 | 回复:0
  • CVE-2022-25858
    CVE-2022-25858
    The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1243 | 回复:0
  • CVE-2022-25869
    CVE-2022-25869
    All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of textarea elements.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:798 | 回复:0
  • CVE-2022-25891
    CVE-2022-25891
    The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:821 | 回复:0
  • CVE-2022-30634
    CVE-2022-30634
    Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:514 | 回复:0
  • CVE-2022-31161
    CVE-2022-31161
    Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing t ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:524 | 回复:0
  • CVE-2022-32434
    CVE-2022-32434
    EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:624 | 回复:0
  • CVE-2022-35900
    CVE-2022-35900
    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file conta ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:551 | 回复:0
  • CVE-2022-2363
    CVE-2022-2363
    A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/a ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:620 | 回复:0
  • CVE-2022-2364
    CVE-2022-2364
    A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulati ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:564 | 回复:0
  • CVE-2020-4157
    CVE-2020-4157
    IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to extern ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:581 | 回复:0
  • CVE-2020-4159
    CVE-2020-4159
    IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:552 | 回复:0
  • CVE-2021-39041
    CVE-2021-39041
    IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:611 | 回复:0
  • CVE-2022-25875
    CVE-2022-25875
    The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Renderi ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:587 | 回复:0
  • CVE-2022-29900
    CVE-2022-29900
    AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:536 | 回复:0
  • CVE-2022-29901
    CVE-2022-29901
    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:641 | 回复:0
  • CVE-2022-2385
    CVE-2022-2385
    A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:533 | 回复:0
  • CVE-2022-24800
    CVE-2022-24800
    October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:1085 | 回复:0
  • CVE-2011-4916
    CVE-2011-4916
    Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:1093 | 回复:0
  • CVE-2022-1025
    CVE-2022-1025
    All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:790 | 回复:0
  • CVE-2022-1737
    CVE-2022-1737
    Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:755 | 回复:0
  • CVE-2022-22997
    CVE-2022-22997
    Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Ho ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:1051 | 回复:0
  • CVE-2022-22998
    CVE-2022-22998
    Implemented protections on AWS credentials that were not properly protected.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:686 | 回复:0
  • CVE-2022-28771
    CVE-2022-28771
    Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:691 | 回复:0
  • CVE-2022-29187
    CVE-2022-29187
    Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsus ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:639 | 回复:0
  • CVE-2022-29619
    CVE-2022-29619
    Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which woul ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:981 | 回复:0
  • CVE-2022-2211
    CVE-2022-2211
    A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:633 | 回复:0
  • CVE-2022-31012
    CVE-2022-31012
    Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.ex ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:655 | 回复:0
  • CVE-2022-31134
    CVE-2022-31134
    Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to downl ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:645 | 回复:0
  • CVE-2022-31591
    CVE-2022-31591
    SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:624 | 回复:0
  • CVE-2022-31592
    CVE-2022-31592
    The application SAP Enterprise Extension Defense Forces Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:618 | 回复:0
  • CVE-2022-31593
    CVE-2022-31593
    SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:639 | 回复:0
  • CVE-2022-31597
    CVE-2022-31597
    Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:646 | 回复:0
  • CVE-2022-31598
    CVE-2022-31598
    Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an at ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:582 | 回复:0
  • CVE-2022-31654
    CVE-2022-31654
    VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:615 | 回复:0
  • CVE-2022-31655
    CVE-2022-31655
    VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:14 | 阅读:721 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap