CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-30450

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：129 | 回复：0
CVE-2022-30451

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：143 | 回复：0
CVE-2022-29596

MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpgPwd=_any_password_Con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：108 | 回复：0
CVE-2022-29855

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have undocumented functionality. A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：96 | 回复：0
CVE-2022-30557

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：56 | 回复：0
CVE-2022-30592

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：50 | 回复：0
CVE-2022-30594

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：35 | 回复：0
CVE-2022-1044

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：30 | 回复：0
CVE-2022-1681

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：25 | 回复：0
CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to ru ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：23 | 回复：0
CVE-2022-1682

Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：23 | 回复：0
CVE-2022-29927

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：18 | 回复：0
CVE-2022-29928

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：19 | 回复：0
CVE-2022-29929

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：13 | 回复：0
CVE-2022-29930

SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returning the same value……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：13 | 回复：0
CVE-2022-1650

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：12 | 回复：0
CVE-2022-1674

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：13 | 回复：0
CVE-2022-28872

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：14 | 回复：0
CVE-2022-28873

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：14 | 回复：0
CVE-2021-42863

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：14 | 回复：0
CVE-2022-30525

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 fir ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：14 | 回复：0
CVE-2022-29538

RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：12 | 回复：0
CVE-2022-29539

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：14 | 回复：0
CVE-2022-29747

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoiceid= // Leak place --- id.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：13 | 回复：0
CVE-2022-29748

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_clientid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：12 | 回复：0
CVE-2022-29749

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：13 | 回复：0
CVE-2022-29750

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：11 | 回复：0
CVE-2022-29751

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：12 | 回复：0
CVE-2022-29979

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：12 | 回复：0
CVE-2022-29980

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：11 | 回复：0
CVE-2022-29981

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：11 | 回复：0
CVE-2022-29982

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：10 | 回复：0
CVE-2022-29983

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoiceid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：10 | 回复：0
CVE-2022-29984

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_clientid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：10 | 回复：0
CVE-2022-29985

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：10 | 回复：0
CVE-2022-29986

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：9 | 回复：0
CVE-2022-29987

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：8 | 回复：0
CVE-2022-29988

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：9 | 回复：0
CVE-2022-29989

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：8 | 回复：0
CVE-2022-29990

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:35 | 阅读：9 | 回复：0