CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2470

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：330 | 回复：0
CVE-2022-34037

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：316 | 回复：0
CVE-2022-34500

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：389 | 回复：0
CVE-2022-34501

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：344 | 回复：0
CVE-2022-34502

Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：673 | 回复：0
CVE-2022-34503

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：470 | 回复：0
CVE-2022-34509

The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：475 | 回复：0
CVE-2022-34520

Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) v ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：475 | 回复：0
CVE-2022-34981

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：557 | 回复：0
CVE-2022-34982

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：473 | 回复：0
CVE-2022-34983

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：383 | 回复：0
CVE-2020-14114

information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensiti ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：384 | 回复：0
CVE-2020-14126

Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive infor ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：347 | 回复：0
CVE-2022-28878

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：1467 | 回复：0
CVE-2022-28879

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：1464 | 回复：0
CVE-2022-2510

Cross-site Scripting (XSS) vulnerability in Extension:ExtendedSearch of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page Special:SearchCenter, using the search term in ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：380 | 回复：0
CVE-2022-2511

Cross-site Scripting (XSS) vulnerability in the commonuserinterface component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：382 | 回复：0
CVE-2017-20139

A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation o ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：398 | 回复：0
CVE-2017-20140

A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argu ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：412 | 回复：0
CVE-2017-20141

A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：642 | 回复：0
CVE-2017-20142

A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：534 | 回复：0
CVE-2017-20143

A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the ar ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：589 | 回复：0
CVE-2022-0978

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：971 | 回复：0
CVE-2022-0979

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corr ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：346 | 回复：0
CVE-2022-0980

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：371 | 回复：0
CVE-2022-27235

Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin = 2.2.3 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：458 | 回复：0
CVE-2022-29495

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin = 4.1.11 at WordPress allows an attacker to update plugin settings.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：901 | 回复：0
CVE-2022-30998

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin = 1.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：580 | 回复：0
CVE-2022-33191

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin = 3.0.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：447 | 回复：0
CVE-2022-33901

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin = 4.13.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：472 | 回复：0
CVE-2022-33960

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin = 2.2.3 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：560 | 回复：0
CVE-2022-34650

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin = 1.2.6 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：380 | 回复：0
CVE-2022-34839

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin = 1.0.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：491 | 回复：0
CVE-2022-34853

Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin = 1.2.6 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：516 | 回复：0
CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：583 | 回复：0
CVE-2022-36408

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.7 allows remote attackers to execute arbitrary code, aka a previously unknown vulnerability chain related to SQL injection and MySQL Smarty cache storage ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：627 | 回复：0
CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：433 | 回复：0
CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：457 | 回复：0
CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：807 | 回复：0
CVE-2022-34115

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：720 | 回复：0