漏洞 - 第36页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-2418

A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1528 | 回复：0
CVE漏洞

CVE-2022-34094

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：667 | 回复：0
CVE漏洞

CVE-2022-34093

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1103 | 回复：0
CVE漏洞

CVE-2022-34092

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：756 | 回复：0
CVE漏洞

CVE-2022-32425

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：793 | 回复：0
CVE漏洞

CVE-2022-32417

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1243 | 回复：0
CVE漏洞

CVE-2022-32416

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：617 | 回复：0
CVE漏洞

CVE-2022-32415

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_productid=.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：681 | 回复：0
CVE漏洞

CVE-2022-32409

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1052 | 回复：0
CVE漏洞

CVE-2022-32406

GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：695 | 回复：0
CVE漏洞

CVE-2022-32389

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1512 | 回复：0
CVE漏洞

CVE-2022-32323

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：793 | 回复：0
CVE漏洞

CVE-2022-32318

Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：589 | 回复：0
CVE漏洞

CVE-2022-32317

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：607 | 回复：0
CVE漏洞

CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：687 | 回复：0
CVE漏洞

CVE-2022-32297

Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1023 | 回复：0
CVE漏洞

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptograph ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1129 | 回复：0
CVE漏洞

CVE-2022-31147

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) whe ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：685 | 回复：0
CVE漏洞

CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：873 | 回复：0
CVE漏洞

CVE-2021-4135

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being cal ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1163 | 回复：0
CVE漏洞

CVE-2021-26384

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：638 | 回复：0
CVE漏洞

CVE-2021-26382

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for auth ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：867 | 回复：0
CVE漏洞

CVE-2022-31142

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attac ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：815 | 回复：0
CVE漏洞

CVE-2022-2408

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：683 | 回复：0
CVE漏洞

CVE-2022-2406

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing lar ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：608 | 回复：0
CVE漏洞

CVE-2022-2401

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：630 | 回复：0
CVE漏洞

CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1905 | 回复：0
CVE漏洞

CVE-2022-22453

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：669 | 回复：0
CVE漏洞

CVE-2022-22452

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：628 | 回复：0
CVE漏洞

CVE-2022-22450

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1278 | 回复：0
CVE漏洞

CVE-2022-35283

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：616 | 回复：0
CVE漏洞

CVE-2022-22477

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：645 | 回复：0
CVE漏洞

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：617 | 回复：0
CVE漏洞

CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：981 | 回复：0
CVE漏洞

CVE-2021-39019

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：614 | 回复：0
CVE漏洞

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the syst ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：796 | 回复：0
CVE漏洞

CVE-2021-39017

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 2 ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：600 | 回复：0
CVE漏洞

CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the so ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：584 | 回复：0
CVE漏洞

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：971 | 回复：0
CVE漏洞

CVE-2021-45492

In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this direct ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：611 | 回复：0