CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22685

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1315 | 回复：0
CVE-2022-27612

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary c ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1033 | 回复：0
CVE-2022-27613

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1262 | 回复：0
CVE-2022-27614

Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecifie ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1442 | 回复：0
CVE-2022-27611

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1916 | 回复：0
CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements th ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1179 | 回复：0
CVE-2022-37009

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1152 | 回复：0
CVE-2022-37010

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the Git User Name Is Not Defined dialog was missed……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：989 | 回复：0
CVE-2022-27509

Unauthenticated redirection to a malicious website……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：994 | 回复：0
CVE-2016-2138

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1241 | 回复：0
CVE-2016-2139

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1257 | 回复：0
CVE-2021-22640

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1214 | 回复：0
CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1207 | 回复：0
CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1073 | 回复：0
CVE-2021-22646

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1089 | 回复：0
CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1031 | 回复：0
CVE-2021-22650

An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1076 | 回复：0
CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1073 | 回复：0
CVE-2022-1948

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML i ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1121 | 回复：0
CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1031 | 回复：0
CVE-2022-35882

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin = 1.9.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1116 | 回复：0
CVE-2022-30313

Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple prop ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1244 | 回复：0
CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected componen ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1253 | 回复：0
CVE-2022-30315

Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1069 | 回复：0
CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware up ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1141 | 回复：0
CVE-2022-30319

Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1020 | 回复：0
CVE-2022-30320

Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1396 | 回复：0
CVE-2016-0786

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1285 | 回复：0
CVE-2016-0796

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1827 | 回复：0
CVE-2016-2101

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1422 | 回复：0
CVE-2016-2122

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1237 | 回复：0
CVE-2016-3692

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1226 | 回复：0
CVE-2016-3700

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：929 | 回复：0
CVE-2016-3701

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：971 | 回复：0
CVE-2016-3709

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1171 | 回复：0
CVE-2016-3730

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1319 | 回复：0
CVE-2016-4426

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1125 | 回复：0
CVE-2016-4427

In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1120 | 回复：0
CVE-2016-4452

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1156 | 回复：0
CVE-2016-4458

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1399 | 回复：0