CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27952

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：42 | 回复：0
CVE-2022-28213

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE-2022-28215

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：39 | 回复：0
CVE-2022-28216

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2022-28396

Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2022-28397

** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in G ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE-2022-28770

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploita ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：23 | 回复：0
CVE-2022-28772

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL6 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：26 | 回复：0
CVE-2022-28773

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：47 | 回复：0
CVE-2022-28795

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：67 | 回复：0
CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：76 | 回复：0
CVE-2022-22549

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：71 | 回复：0
CVE-2022-22550

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：55 | 回复：0
CVE-2022-22559

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for infor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：43 | 回复：0
CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：43 | 回复：0
CVE-2022-22561

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, le ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：42 | 回复：0
CVE-2022-22562

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE-2022-22565

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：40 | 回复：0
CVE-2022-23159

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：49 | 回复：0
CVE-2022-23160

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：69 | 回复：0
CVE-2022-23161

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：49 | 回复：0
CVE-2022-23163

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：42 | 回复：0
CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2022-24411

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：29 | 回复：0
CVE-2022-24412

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-servi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE-2022-24413

Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：27 | 回复：0
CVE-2022-24767

GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：25 | 回复：0
CVE-2022-24842

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where an non-admin user is able to create service accounts for root or othe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-26894

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：69 | 回复：0
CVE-2022-26900

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：67 | 回复：0
CVE-2022-26908

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：81 | 回复：0
CVE-2022-26909

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：101 | 回复：0
CVE-2022-26912

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：90 | 回复：0
CVE-2022-27123

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：91 | 回复：0
CVE-2022-27124

Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：155 | 回复：0
CVE-2022-27304

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：81 | 回复：0
CVE-2022-28115

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：73 | 回复：0
CVE-2022-28116

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：113 | 回复：0
CVE-2022-28467

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：101 | 回复：0
CVE-2022-28468

Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：51 | 回复：0