Nessus 的 CGI abuses 系列

ID名稱嚴重性
159923GitLab 0.8.0 < 14.4.1 權限提升
medium
159922GitLab 13.7.0 < 14.2.6 / 13.8.0 < 14.3.4 / 13.9.0 < 14.4.1 資訊洩漏
medium
159921GitLab 11.1.0 < 14.2.6/11.2.0 < 14.3.4/11.3.0 < 14.4.1 核准繞過
medium
159920GitLab 12.10.0 < 14.2.6/13.0.0 < 14.3.4/13.1.0 < 14.4.1 不當存取控制
medium
159919Oracle Primavera Unifier (2022 年 4 月 CPU)
critical
159917Oracle MySQL Enterprise Monitor (Apr 2022 CPU)
critical
159893Trend Micro Apex Central Management Web 主控台偵測
info
159830GitLab 14.7.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 預設密碼
critical
159829GitLab 8.3.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 XSS
medium
159828GitLab 10.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 DoS
medium
159827GitLab 10.7.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 不當存取控制
medium
159826GitLab 11.5.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 不當授權
medium
159825GitLab 7.8.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 不當授權
medium
159824GitLab 12.1.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 SSRF
medium
159823GitLab 14.4.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 XSS
medium
159822GitLab 13.1.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 DoS
medium
159821GitLab 13.7.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 DoS
high
159820GitLab 12.2.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 資訊洩漏
medium
159819GitLab 13.11.x < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.8.2 不當存取控制
medium
159818GitLab < 14.7.7/14.8.x < 14.8.5/14.9.x < 14.9.2 多個弱點
medium
159708ManageEngine ADSelfService Plus < Build 6121 XSS
medium
159643Dell EMC iDRAC8 < 2.83.83.83 (DSA-2022-069)
high
159572ManageEngine Access Manager Plus 驗證繞過弱點 (CVE-2021-44676)
critical
159570WordPress Plugin 'Social Warfare' < 3.5.3 XSS
medium
159548VMware Workspace One Access / VMware Identity Manager 多個弱點 (VMSA-2022-0011)
critical
159542Spring Framework Spring4Shell (CVE-2022-22965)
critical
159522Sitecore XP 7.5 <= 7.5.2 / 8.0 <= 8.0.7 / 8.1 <= 8.1.3 / 8.2 <= 8.2.7 RCE
critical
159487SonicWall Secure Mobile Access (SMA) SQLi (SNWLID-2021-0017)
critical
159486SonicWall Secure Remote Access (SRA) SQLi (SNWLID-2021-0017)
critical
159377Jenkins 外掛程式 多個漏洞 (2022 年 3 月 29 日)
high
159375Spring Cloud 函式 SPEL 運算式插入弱點 (直接檢查)
critical
159348Joomla 2.5.x < 3.10.7/4.0.x < 4.1.1 多個弱點 (5857-joomla-4-1-1-and-3-10-7-release)
critical
159323Apache Shiro 預設加密金鑰 (CVE-2016-4437)
high
159270SonicWall NSv 新一代虛擬防火牆 SSL VPN
info
159203ManageEngine Desktop Central < 10.1.2137.9 驗證繞過 (未經認證的檢查)
critical
159145Drupal 9.2.x < 9.2.16 / 9.3.x < 9.3.9 Drupal 弱點 (SA-CORE-2022-006)
high
159092Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.0 XSRF (JRASERVER-73138)
medium
159009WordPress 5.9 < 5.9.2 / 5.8 < 5.8.4 / 5.7 < 5.7.6 / 5.6 < 5.6.8 / 5.5 < 5.5.9 / 5.4 < 5.4.10 / 5.3 < 5.3.12 / 5.2 < 5.2.15 / 5.1 < 5.1.13 / 5.0 < 5.0.16 / 4.9 < 4.9.20 / 4.8 < 4.8.19 / 4.7 < 4.7.23 / 4.6 < 4.6.23 / 4.5 < 4.5.26 / 4.4 < 4.4.27 / 4.3 < 4.3.28 / 4.2 < 4.2.32 / 4.1 < 4.1.35 / 4.0 < 4.0.35 / 3.9 < 3.9.36 / 3.8 < 3.8.38 / 3.7 < 3.7.38
high
159004SolarWinds Orion Platform 2020.2.0 < 2020.2.4
critical
158982Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 多個弱點 (drupal-2022-03-16)
medium
158977Jenkins 外掛程式 多個漏洞 (2022 年 3 月 15 日)
high
158891GitLab 8.15.x < 14.6.5 / 14.7.x < 14.7.4 / 14.8.x < 14.8.2 DoS
medium
158890GitLab 14.6.x < 14.6.5 / 14.7.x < 14.7.4 / 14.8.x < 14.8.2 資訊洩漏
high
158889GitLab < 14.3.6 / 14.4.x < 14.4.4 / 14.5.x < 14.5.2 無效授權
medium
158888GitLab 13.x < 14.6.5 / 14.7.4 / 14.8.2 資訊洩漏
medium
158690Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.7 / 2.303.x < 2.303.30.0.6 / 2.319.3.4 多個弱點 (CloudBees 安全公告 2022-02-15)
high
158687Fortinet FortiWeb < 6.3.16 / 6.4.x < 6.4.2 堆積型緩衝區溢位 (FG-IR-21-160)
high
158672Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.6 / 2.303.x < 2.303.30.0.5 / 2.319.3.3 多個 DoS 弱點 (CloudBees 安全公告 2022-02-09)
high
158560GitLab 12.10.x < 14.6.5 / 14.7.x < 14.7.4 / 14.8.x < 14.8.2 多個弱點
critical
158452Zabbix 5.4.x < 5.4.9 多個弱點
critical