CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-30412

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30413

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30414

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_applicationid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30415

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30417

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2021-27505

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2021-33005

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2021-33009

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2021-33013

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-22252

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-29433

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin = 1.8 on WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1715

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-22325

IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-22393

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTP ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Ope ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-21190

This affects the package convict before 6.2.3. This is a bypass of (https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The (https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-22281

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the ho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-22282

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Cont ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-25862

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulne ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-24830

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, le ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-24831

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatena ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1379

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2021-41965

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-28929

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-28936

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message pac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-28937

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and process ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-28930

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30049

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30765

Calibre-Web before 0.6.18 allows user table SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30763

Janet before 1.22.0 mishandles arrays.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30767

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30770

Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30778

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30779

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-29586

Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0