
CVE Vulnerabilities

  • CVE-2022-30321
    HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 20 | Replies: 0
  • CVE-2022-30322
    HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 18 | Replies: 0
  • CVE-2022-30323
    HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 17 | Replies: 0
  • CVE-2022-30595
    libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 15 | Replies: 0
  • CVE-2022-1851
    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 10 | Replies: 0
  • CVE-2022-29379
    ** DISPUTED ** Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-29650
    Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-29651
    An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2021-32966
    Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and whe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2021-32989
    When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2021-32997
    The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configur ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2021-35487
    Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-22127
    Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicio ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-29380
    Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-1678
    An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2021-44719
    Docker Desktop 4.3.0 has Incorrect Access Control.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-1348
    A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 7 | Replies: 0
  • CVE-2022-23775
    TrueStack Direct Connect 1.4.7 has Incorrect Access Control.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 7 | Replies: 0
  • CVE-2022-27305
    Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 8 | Replies: 0
  • CVE-2022-28875
    A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-29408
    Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-30427
    In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-30428
    In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2021-27779
    VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2021-27783
    User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-29248
    Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the d ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-29402
    TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute comm ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26026
    A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26043
    An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26067
    An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26077
    A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted net ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26082
    A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to r ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26303
    An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can l ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-26833
    An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthentica ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-27169
    An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-29251
    XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is presen ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-29252
    XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `Wik ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-29253
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-31620
    In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossle ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
  • CVE-2022-31621
    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the h ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:38 | Views: 6 | Replies: 0
