CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24773

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `Dige ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：46 | 回复：0
CVE-2021-29899

IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：52 | 回复：0
CVE-2021-39046

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：50 | 回复：0
CVE-2022-24637

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：98 | 回复：0
CVE-2020-15388

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary conten ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：51 | 回复：0
CVE-2020-16232

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：41 | 回复：0
CVE-2020-25176

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：34 | 回复：0
CVE-2020-25178

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE-2020-25180

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：27 | 回复：0
CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：24 | 回复：0
CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE-2020-25193

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：28 | 回复：0
CVE-2020-25197

A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE-2021-23150

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions = 1.0.77.31).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：29 | 回复：0
CVE-2021-23209

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions = 1.0.77.32).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：20 | 回复：0
CVE-2021-27789

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE-2021-30771

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE-2021-44760

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions = 1.68.6).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：28 | 回复：0
CVE-2021-4031

Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：27 | 回复：0
CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an exter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：35 | 回复：0
CVE-2022-1003

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：35 | 回复：0
CVE-2022-22578

A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root pri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE-2022-22579

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-22583

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：26 | 回复：0
CVE-2022-22584

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file ma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：41 | 回复：0
CVE-2022-22585

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-22586

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：24 | 回复：0
CVE-2022-22587

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：22 | 回复：0
CVE-2022-22588

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denia ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：27 | 回复：0
CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：51 | 回复：0
CVE-2022-22591

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：64 | 回复：0
CVE-2022-22592

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted we ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE-2022-22593

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, ma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：36 | 回复：0
CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A websi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：35 | 回复：0
CVE-2022-22596

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privile ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE-2022-22597

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：23 | 回复：0
CVE-2022-22598

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0