
CVE Vulnerabilities

  • CVE-2022-31588
    The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 787 | Replies: 0
  • CVE-2022-35414
    softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 730 | Replies: 0
  • CVE-2022-32294
    Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the zmprove ca command). It is visible in cleartext on port UDP 514 (aka the syslog port).
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 1260 | Replies: 0
  • CVE-2022-35416
    H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 648 | Replies: 0
  • CVE-2022-2368
    Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 530 | Replies: 0
  • CVE-2022-29926
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation in Cybozu, Inc. showed that it was not a vulnerability. Notes: h ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 449 | Replies: 0
  • CVE-2022-1794
    The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 776 | Replies: 0
  • CVE-2022-2302
    Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowle ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 807 | Replies: 0
  • CVE-2022-30791
    In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 697 | Replies: 0
  • CVE-2022-30792
    In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are no ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 737 | Replies: 0
  • CVE-2022-1057
    The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 1307 | Replies: 0
  • CVE-2022-1220
    The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 1174 | Replies: 0
  • CVE-2022-1474
    The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scriptin ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 888 | Replies: 0
  • CVE-2022-1546
    The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 699 | Replies: 0
  • CVE-2022-1576
    The WP Maintenance Mode Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action vi ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 751 | Replies: 0
  • CVE-2022-1599
    The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. Th ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 611 | Replies: 0
  • CVE-2022-1626
    The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also l ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 688 | Replies: 0
  • CVE-2022-1732
    The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSR ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 582 | Replies: 0
  • CVE-2022-1757
    The Pagebar WordPress plugin through 2.65 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 947 | Replies: 0
  • CVE-2022-1894
    The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_ht ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 585 | Replies: 0
  • CVE-2022-1910
    The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scriptin ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 732 | Replies: 0
  • CVE-2022-1937
    The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leadi ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 881 | Replies: 0
  • CVE-2022-1938
    The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Sc ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 948 | Replies: 0
  • CVE-2022-1951
    The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 676 | Replies: 0
  • CVE-2022-1952
    The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 609 | Replies: 0
  • CVE-2022-1956
    The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to upda ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 635 | Replies: 0
  • CVE-2022-1957
    The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 547 | Replies: 0
  • CVE-2022-2050
    The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallo ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 517 | Replies: 0
  • CVE-2022-2089
    The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 679 | Replies: 0
  • CVE-2022-2091
    The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 734 | Replies: 0
  • CVE-2022-2092
    The WooCommerce PDF Invoices Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scriptin ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 683 | Replies: 0
  • CVE-2022-2093
    The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even w ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 906 | Replies: 0
  • CVE-2022-2123
    The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 1671 | Replies: 0
  • CVE-2022-31138
    mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 567 | Replies: 0
  • CVE-2020-4138
    IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 611 | Replies: 0
  • CVE-2020-4150
    IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compone ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 769 | Replies: 0
  • CVE-2022-31139
    UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access ...
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 661 | Replies: 0
  • CVE-2020-29505
    Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 1217 | Replies: 0
  • CVE-2020-29506
    Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 1061 | Replies: 0
  • CVE-2020-29507
    Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:12 | Views: 645 | Replies: 0
