CVE Vulnerabilities

  • CVE-2022-27340
    MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2022-27341
    JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2022-27342
    Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
  • CVE-2021-3721
    A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2021-3722
    A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
  • CVE-2021-3849
    An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthentic ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
  • CVE-2021-3897
    An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-3898
    Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being acces ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2021-3970
    A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute ar ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-3971
    A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with ele ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 19 | Replies: 0
  • CVE-2021-3972
    A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2021-4210
    A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privilege ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 23 | Replies: 0
  • CVE-2021-4211
    A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevat ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 17 | Replies: 0
  • CVE-2021-4212
    A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arb ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 21 | Replies: 0
  • CVE-2022-0192
    A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2022-0354
    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2022-0636
    A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 22 | Replies: 0
  • CVE-2022-1107
    During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 18 | Replies: 0
  • CVE-2022-1108
    A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated pri ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 19 | Replies: 0
  • CVE-2022-1427
    Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 28 | Replies: 0
  • CVE-2022-1444
    heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 22 | Replies: 0
  • CVE-2022-1445
    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user Cookie.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 22 | Replies: 0
  • CVE-2022-1451
    Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 24 | Replies: 0
  • CVE-2022-1452
    Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. T ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 37 | Replies: 0
  • CVE-2022-29077
    A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or c ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 36 | Replies: 0
  • CVE-2022-29546
    HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. T ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 44 | Replies: 0
  • CVE-2019-25059
    Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 53 | Replies: 0
  • CVE-2022-29603
    A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 77 | Replies: 0
  • CVE-2021-40680
    There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 48 | Replies: 0
  • CVE-2021-36628
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-40680. Reason: This candidate is a reservation duplicate of CVE-2021-40680. Notes: All CVE users should reference CVE-2021-40680 ins ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 58 | Replies: 0
  • CVE-2022-29264
    An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 27 | Replies: 0
  • CVE-2022-1457
    Store XSS in title parameter executing at EditUser Page EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequence ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 29 | Replies: 0
  • CVE-2022-1458
    Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 23 | Replies: 0
  • CVE-2022-1459
    Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 23 | Replies: 0
  • CVE-2021-45836
    An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index. ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2021-45837
    It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 19 | Replies: 0
  • CVE-2021-45839
    It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 19 | Replies: 0
  • CVE-2021-45840
    It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2021-45841
    In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled b ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
  • CVE-2021-45842
    It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 20 | Replies: 0
