CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-15591

fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE-2021-44906

Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE-2022-26526

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：27 | 回复：0
CVE-2022-24759

`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate sign ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：29 | 回复：0
CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the buil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE-2022-26503

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE-2022-25949

The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：28 | 回复：0
CVE-2022-26081

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：24 | 回复：0
CVE-2021-44907

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：29 | 回复：0
CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE-2021-46107

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE-2022-24770

`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV Fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：34 | 回复：0
CVE-2022-26500

Improper limitation of path names in Veeam Backup Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-26501

Veeam Backup Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：38 | 回复：0
CVE-2022-26504

Improper authentication in Veeam Backup Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：46 | 回复：0
CVE-2021-43961

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：60 | 回复：0
CVE-2021-44087

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：55 | 回复：0
CVE-2021-44088

An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：60 | 回复：0
CVE-2022-24302

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：45 | 回复：0
CVE-2022-0237

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE-2022-0757

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：48 | 回复：0
CVE-2022-0758

Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：48 | 回复：0
CVE-2021-45966

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：42 | 回复：0
CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：42 | 回复：0
CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：35 | 回复：0
CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：40 | 回复：0
CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：42 | 回复：0
CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE-2021-22571

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：40 | 回复：0
CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or l ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：41 | 回复：0
CVE-2021-45835

The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：37 | 回复：0
CVE-2022-24655

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：52 | 回复：0
CVE-2022-0742

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：46 | 回复：0
CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE-2022-24771

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the di ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE-2022-24772

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing ga ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：40 | 回复：0