CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2281

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group mil ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：830 | 回复：0
CVE-2022-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Git ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：867 | 回复：0
CVE-2022-1981

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：603 | 回复：0
CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivil ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：510 | 回复：0
CVE-2022-2228

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI v ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：502 | 回复：0
CVE-2022-2229

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotec ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：789 | 回复：0
CVE-2022-2270

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab wa ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：668 | 回复：0
CVE-2022-31113

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This perm ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：594 | 回复：0
CVE-2021-37524

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized path parameter in resources/login.php.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：994 | 回复：0
CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：944 | 回复：0
CVE-2022-1954

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a Git ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：554 | 回复：0
CVE-2022-22366

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：552 | 回复：0
CVE-2022-22367

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：805 | 回复：0
CVE-2022-22373

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain n ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：999 | 回复：0
CVE-2022-31604

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Unt ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：1019 | 回复：0
CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allo ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：679 | 回复：0
CVE-2022-32030

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：751 | 回复：0
CVE-2022-32031

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：519 | 回复：0
CVE-2022-32032

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：539 | 回复：0
CVE-2022-32033

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：594 | 回复：0
CVE-2022-32034

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：727 | 回复：0
CVE-2022-2264

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：283 | 回复：0
CVE-2022-33099

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：295 | 回复：0
CVE-2022-33103

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：284 | 回复：0
CVE-2022-2282

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：268 | 回复：0
CVE-2014-3648

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：248 | 回复：0
CVE-2014-3650

Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with sp ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：230 | 回复：0
CVE-2022-2253

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：232 | 回复：0
CVE-2022-1983

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：207 | 回复：0
CVE-2022-2185

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：218 | 回复：0
CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：225 | 回复：0
CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an at ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：235 | 回复：0
CVE-2022-2235

Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cros ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：226 | 回复：0
CVE-2022-2243

An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：220 | 回复：0
CVE-2022-2244

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：203 | 回复：0
CVE-2022-2250

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary l ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：197 | 回复：0
CVE-2022-2254

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：177 | 回复：0
CVE-2022-2281

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group mil ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：170 | 回复：0
CVE-2022-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Git ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：168 | 回复：0
CVE-2022-1981

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：162 | 回复：0