CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1885

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:32 | 阅读：38 | 回复：0
CVE-2022-1903

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:32 | 阅读：46 | 回复：0
CVE-2022-1904

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticat ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:32 | 阅读：43 | 回复：0
CVE-2022-1573

The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：42 | 回复：0
CVE-2022-1574

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary fil ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：41 | 回复：0
CVE-2022-1593

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：45 | 回复：0
CVE-2022-1625

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypa ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：41 | 回复：0
CVE-2022-1627

The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：40 | 回复：0
CVE-2022-1653

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipul ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：48 | 回复：0
CVE-2022-1776

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributo ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：42 | 回复：0
CVE-2022-1842

The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:31 | 阅读：46 | 回复：0
CVE-2022-1029

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code l ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：45 | 回复：0
CVE-2022-1095

The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Script ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：50 | 回复：0
CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：45 | 回复：0
CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious J ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：41 | 回复：0
CVE-2022-1326

The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks ev ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：48 | 回复：0
CVE-2022-1327

The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scrip ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：45 | 回复：0
CVE-2022-1470

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：43 | 回复：0
CVE-2022-1572

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:30 | 阅读：52 | 回复：0
CVE-2022-2212

A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：44 | 回复：0
CVE-2022-2213

A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：55 | 回复：0
CVE-2022-2214

A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. T ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：50 | 回复：0
CVE-2022-0444

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：48 | 回复：0
CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin cha ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：42 | 回复：0
CVE-2022-1010

The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Sto ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：52 | 回复：0
CVE-2022-1028

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privilege ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:29 | 阅读：45 | 回复：0
CVE-2020-27509

Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a s ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：61 | 回复：0
CVE-2022-34494

rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：54 | 回复：0
CVE-2022-34495

rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：48 | 回复：0
CVE-2022-2206

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：50 | 回复：0
CVE-2022-30932

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：46 | 回复：0
CVE-2022-33146

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：47 | 回复：0
CVE-2022-33202

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized l ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：53 | 回复：0
CVE-2020-9754

NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:28 | 阅读：46 | 回复：0
CVE-2019-25071

A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the s ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：59 | 回复：0
CVE-2022-24893

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because t ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：65 | 回复：0
CVE-2022-29168

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and vi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：58 | 回复：0
CVE-2022-31016

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to cras ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：62 | 回复：0
CVE-2022-31017

Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：49 | 回复：0
CVE-2022-29931

Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：58 | 回复：0