CVE漏洞-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

CVE漏洞

RSS

CVE-2020-36276

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-9-23 21:05 | 阅读：11555 | 回复：0
CVE-2022-36675

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:58 | 阅读：3288 | 回复：0
CVE-2022-36671

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:58 | 阅读：3886 | 回复：0
CVE-2022-36672

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:58 | 阅读：3124 | 回复：0
CVE-2022-36674

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:58 | 阅读：3117 | 回复：0
CVE-2022-36676

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:58 | 阅读：3693 | 回复：0
CVE-2022-36051

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：2969 | 回复：0
CVE-2022-37125

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3730 | 回复：0
CVE-2022-36619

In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3090 | 回复：0
CVE-2022-37123

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3920 | 回复：0
CVE-2022-37129

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and fina ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3768 | 回复：0
CVE-2022-37130

In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be execu ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3665 | 回复：0
CVE-2022-36130

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized u ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3361 | 回复：0
CVE-2022-36449

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of b ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:57 | 阅读：3314 | 回复：0
CVE-2022-2895

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：2904 | 回复：0
CVE-2022-2894

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：3729 | 回复：0
CVE-2022-2896

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：3110 | 回复：0
CVE-2022-2897

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：3510 | 回复：0
CVE-2022-2898

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：2983 | 回复：0
CVE-2022-36201

Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：2994 | 回复：0
CVE-2022-36202

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：4578 | 回复：0
CVE-2022-36203

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：3748 | 回复：0
CVE-2022-36620

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:56 | 阅读：3689 | 回复：0
CVE-2022-36568

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：2266 | 回复：0
CVE-2022-36569

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：4132 | 回复：0
CVE-2022-36570

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：2933 | 回复：0
CVE-2022-36571

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：3549 | 回复：0
CVE-2022-36580

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：3073 | 回复：0
CVE-2022-36581

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：3082 | 回复：0
CVE-2022-36582

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：3177 | 回复：0
CVE-2022-2892

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:55 | 阅读：4148 | 回复：0
CVE-2022-36046

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v1 ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：1674 | 回复：0
CVE-2022-37128

In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：1782 | 回复：0
CVE-2022-31233

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and acc ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：2006 | 回复：0
CVE-2022-36048

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview vi ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：2250 | 回复：0
CVE-2022-1841

In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：1911 | 回复：0
CVE-2022-34373

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：2142 | 回复：0
CVE-2022-34383

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to b ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:54 | 阅读：2059 | 回复：0
CVE-2022-37184

The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：1651 | 回复：0
CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input pa ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：2421 | 回复：0