CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-30597

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30598

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30599

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30600

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2021-38944

IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-1771

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30033

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30990

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30991

HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30992

Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30993

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30994

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-1774

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29229

CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29230

Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-30138

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-28348

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-afte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-28349

Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-28350

Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-1670

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-1785

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2021-41938

An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-1730

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-30018

Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this so ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2021-26630

Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2021-26631

Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2021-37413

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2021-45730

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should onl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-22976

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work facto ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2022-22978

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：9 | 回复：0
CVE-2020-4970

IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：10 | 回复：0
CVE-2022-1796

Use After Free in GitHub repository vim/vim prior to 8.2.4979.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：11 | 回复：0
CVE-2022-28927

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：11 | 回复：0
CVE-2022-29446

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin = 1.1.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：12 | 回复：0
CVE-2022-29449

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin = 1.2.7 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：13 | 回复：0
CVE-2020-14496

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2020-16209

A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2020-16231

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2020-16235

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0