CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29429

Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-30688

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2021-35249

This broken access control vulnerability pertains specifically to a domain admin who can access configuration user data of other domains which they should not have access to. Please note the admin is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：15 | 回复：0
CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：15 | 回复：0
CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected scri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-1118

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the obj ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-23706

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：13 | 回复：0
CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox com ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：13 | 回复：0
CVE-2022-24389

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：12 | 回复：0
CVE-2022-24390

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：13 | 回复：0
CVE-2022-24391

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and De ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：13 | 回复：0
CVE-2022-24392

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：12 | 回复：0
CVE-2022-24393

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：11 | 回复：0
CVE-2022-24394

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：11 | 回复：0
CVE-2022-28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a speciall ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：11 | 回复：0
CVE-2022-28182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write throug ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：10 | 回复：0
CVE-2022-28183

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of servi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：10 | 回复：0
CVE-2022-28184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-28185

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-28186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or inc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-28187

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime ha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：8 | 回复：0
CVE-2022-28188

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or inc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-28189

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-28190

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：9 | 回复：0
CVE-2022-28191

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-28192

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-28617

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-29435

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-29436

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters title, snippet_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30045

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30052

In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30053

In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-30054

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1356

cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privilege ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1357

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1358

The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：6 | 回复：0
CVE-2022-1359

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path tra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1360

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-1361

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：7 | 回复：0
CVE-2022-24103

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：67 | 回复：0