CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26854

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system acces ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：57 | 回复：0
CVE-2022-26855

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：36 | 回复：0
CVE-2021-43149

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE-2022-26180

qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE-2022-26588

A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2022-27883

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2022-26877

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE-2022-27149

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE-2022-28363

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE-2022-28364

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE-2022-28365

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE-2022-1287

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a PO ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：39 | 回复：0
CVE-2022-1288

A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2022-1276

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2022-1286

heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：45 | 回复：0
CVE-2022-1289

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE-2022-1290

Stored XSS in Name, Group Name Title in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hija ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE-2022-1291

XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure ses ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE-2022-27125

zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE-2022-27126

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2022-27127

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：52 | 回复：0
CVE-2022-27128

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：61 | 回复：0
CVE-2022-27129

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：57 | 回复：0
CVE-2022-27131

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：59 | 回复：0
CVE-2022-27133

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：54 | 回复：0
CVE-2022-27268

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：97 | 回复：0
CVE-2022-27269

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is trigge ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：65 | 回复：0
CVE-2022-27270

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is trig ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：90 | 回复：0
CVE-2022-27271

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is trigger ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：123 | 回复：0
CVE-2022-27272

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：115 | 回复：0
CVE-2022-27273

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：160 | 回复：0
CVE-2022-27274

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：316 | 回复：0
CVE-2022-27275

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：178 | 回复：0
CVE-2022-27276

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：114 | 回复：0
CVE-2022-27277

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：93 | 回复：0
CVE-2022-27279

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：97 | 回复：0
CVE-2022-27280

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：177 | 回复：0
CVE-2022-27286

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：112 | 回复：0
CVE-2022-27287

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：86 | 回复：0
CVE-2022-27288

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：72 | 回复：0