CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45103

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：72 | 回复：0
CVE-2022-26250

Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：54 | 回复：0
CVE-2022-26251

The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE-2022-26952

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the strin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：36 | 回复：0
CVE-2021-30497

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：40 | 回复：0
CVE-2021-40374

A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：33 | 回复：0
CVE-2021-40375

Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error mes ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE-2021-45104

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE-2022-26110

An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impers ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE-2022-1248

A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malici ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：74 | 回复：0
CVE-2020-29013

An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：56 | 回复：0
CVE-2022-23441

A use of hard-coded cryptographic key vulnerability in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：60 | 回复：0
CVE-2022-23446

A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：59 | 回复：0
CVE-2021-24009

Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary com ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：62 | 回复：0
CVE-2021-26112

Multiple stack-based buffer overflow vulnerabilities both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：62 | 回复：0
CVE-2021-26114

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2021-32593

A use of a broken or risky cryptographic algorithm vulnerability in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol com ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE-2021-43205

An exposure of sensitive information to an unauthorized actor vulnerability in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：41 | 回复：0
CVE-2021-44169

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：41 | 回复：0
CVE-2022-1237

Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overfl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE-2022-1238

Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：32 | 回复：0
CVE-2022-23440

A use of hard-coded cryptographic key vulnerability in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：29 | 回复：0
CVE-2022-1240

Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：30 | 回复：0
CVE-2022-1253

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE-2022-24786

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：27 | 回复：0
CVE-2022-24793

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：32 | 回复：0
CVE-2022-27107

OrangeHRM 4.10 is vulnerable to Stored XSS in the Share Video section under OrangeBuzz via the GET/POST createVideo parameter……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：32 | 回复：0
CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：36 | 回复：0
CVE-2022-27109

OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：39 | 回复：0
CVE-2022-27110

OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：40 | 回复：0
CVE-2021-22127

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：31 | 回复：0
CVE-2021-26104

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：34 | 回复：0
CVE-2021-26113

A use of a one-way hash with a predictable salt vulnerability in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：36 | 回复：0
CVE-2021-26116

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute una ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：34 | 回复：0
CVE-2021-32585

An improper neutralization of input during web page generation vulnerability in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HT ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：34 | 回复：0
CVE-2021-41026

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially craft ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：29 | 回复：0
CVE-2022-22410

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：33 | 回复：0
CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：31 | 回复：0