CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24919

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the vic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：37 | 回复：0
CVE-2022-24734

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：34 | 回复：0
CVE-2022-24741

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：31 | 回复：0
CVE-2021-22783

A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions)……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：33 | 回复：0
CVE-2022-24322

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineerin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：31 | 回复：0
CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：34 | 回复：0
CVE-2022-24744

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：33 | 回复：0
CVE-2022-24745

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：34 | 回复：0
CVE-2022-24746

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：33 | 回复：0
CVE-2022-24747

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：30 | 回复：0
CVE-2022-24748

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：32 | 回复：0
CVE-2022-24753

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：35 | 回复：0
CVE-2022-0890

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：44 | 回复：0
CVE-2021-38296

Apache Spark supports end-to-end encryption of RPC connections via spark.authenticate and spark.network.crypto.enabled. In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：206 | 回复：0
CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：54 | 回复：0
CVE-2022-0905

Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：54 | 回复：0
CVE-2022-0906

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：58 | 回复：0
CVE-2020-14111

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：85 | 回复：0
CVE-2020-14112

Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the file ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：128 | 回复：0
CVE-2020-14115

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：192 | 回复：0
CVE-2020-36123

saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：110 | 回复：0
CVE-2020-36517

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：97 | 回复：0
CVE-2021-20269

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The h ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：137 | 回复：0
CVE-2021-28488

Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：69 | 回复：0
CVE-2021-32005

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.6214210 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：47 | 回复：0
CVE-2021-32006

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：51 | 回复：0
CVE-2021-32025

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safet ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：51 | 回复：0
CVE-2021-32434

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：63 | 回复：0
CVE-2021-32435

Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：45 | 回复：0
CVE-2021-32436

An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：59 | 回复：0
CVE-2021-32501

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：39 | 回复：0
CVE-2021-32502

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：37 | 回复：0
CVE-2021-32505

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：55 | 回复：0
CVE-2021-33293

Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：41 | 回复：0
CVE-2021-33851

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the Custom l ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：41 | 回复：0
CVE-2021-33852

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the Duplicat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：42 | 回复：0
CVE-2021-34122

The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：41 | 回复：0
CVE-2021-34338

Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：47 | 回复：0
CVE-2021-34339

Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：61 | 回复：0
CVE-2021-34340

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:50 | 阅读：72 | 回复：0