CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-28557

There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cau ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：75 | 回复：0
CVE-2022-28940

In H3C MagicR100 =V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：68 | 回复：0
CVE-2021-42235

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：104 | 回复：0
CVE-2022-20734

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：125 | 回复：0
CVE-2022-20753

A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：134 | 回复：0
CVE-2022-20764

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) conditi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：126 | 回复：0
CVE-2022-20770

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ( ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：95 | 回复：0
CVE-2022-20771

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：67 | 回复：0
CVE-2022-20777

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：70 | 回复：0
CVE-2022-20779

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：44 | 回复：0
CVE-2022-20780

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：43 | 回复：0
CVE-2022-20785

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：39 | 回复：0
CVE-2022-20794

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) conditi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：30 | 回复：0
CVE-2022-20796

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：29 | 回复：0
CVE-2022-20799

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：34 | 回复：0
CVE-2022-20801

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：34 | 回复：0
CVE-2022-23724

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：38 | 回复：0
CVE-2022-1584

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：49 | 回复：0
CVE-2022-25786

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：44 | 回复：0
CVE-2022-29942

Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal net ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：35 | 回复：0
CVE-2022-29943

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fix ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：30 | 回复：0
CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：30 | 回复：0
CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur durin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：27 | 回复：0
CVE-2022-30284

** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：28 | 回复：0
CVE-2022-30288

** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the serve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0
CVE-2022-30292

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0
CVE-2022-1588

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：24 | 回复：0
CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：24 | 回复：0
CVE-2022-1590

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0
CVE-2021-41739

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2021-45783

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：24 | 回复：0
CVE-2022-1411

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web applicatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0
CVE-2022-1592

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0
CVE-2022-1575

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-29938

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-29939

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-29940

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2021-42242

A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2022-28461

mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：23 | 回复：0
CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0