
CVE Vulnerabilities

  • CVE-2022-20767
    A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 105 | Replies: 0
  • CVE-2022-1214
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 172 | Replies: 0
  • CVE-2022-21949
    An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 134 | Replies: 0
  • CVE-2022-1554
    Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 94 | Replies: 0
  • CVE-2022-23063
    Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will stil ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 131 | Replies: 0
  • CVE-2021-41959
    JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 161 | Replies: 0
  • CVE-2021-42218
    OMPL v1.5.2 contains a memory leak in VFRRT.cpp……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 98 | Replies: 0
  • CVE-2021-42165
    MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command deviceinfo show file /bin/bash because of incorrect sanitization of param ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 57 | Replies: 0
  • CVE-2021-39390
    Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 56 | Replies: 0
  • CVE-2022-0916
    An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization opera ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 52 | Replies: 0
  • CVE-2022-28589
    A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 59 | Replies: 0
  • CVE-2022-28590
    A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 64 | Replies: 0
  • CVE-2021-22556
    The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control k ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 97 | Replies: 0
  • CVE-2021-22573
    The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 105 | Replies: 0
  • CVE-2022-0882
    A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 86 | Replies: 0
  • CVE-2022-1292
    The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. O ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 56 | Replies: 0
  • CVE-2022-1343
    The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a succe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 56 | Replies: 0
  • CVE-2022-1434
    The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 68 | Replies: 0
  • CVE-2022-1473
    The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificate ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 82 | Replies: 0
  • CVE-2022-22137
    A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 90 | Replies: 0
  • CVE-2022-23400
    A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which coul ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 127 | Replies: 0
  • CVE-2022-28560
    There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 160 | Replies: 0
  • CVE-2022-28561
    There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully cons ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 172 | Replies: 0
  • CVE-2022-27962
    Bluecms 1.6 has a SQL injection vulnerability at cookie.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 207 | Replies: 0
  • CVE-2022-28505
    Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 192 | Replies: 0
  • CVE-2021-46440
    Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim' ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 159 | Replies: 0
  • CVE-2022-28585
    EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 107 | Replies: 0
  • CVE-2022-28588
    In SpringBootMovie =1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 122 | Replies: 0
  • CVE-2022-28599
    A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payl ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 94 | Replies: 0
  • CVE-2022-29001
    In SpringBootMovie =1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 107 | Replies: 0
  • CVE-2021-29854
    IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remot ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 93 | Replies: 0
  • CVE-2022-1331
    In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized informat ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 85 | Replies: 0
  • CVE-2022-22368
    IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 93 | Replies: 0
  • CVE-2022-20084
    In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privile ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 91 | Replies: 0
  • CVE-2022-20085
    In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 98 | Replies: 0
  • CVE-2022-20087
    In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 124 | Replies: 0
  • CVE-2022-20088
    In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 134 | Replies: 0
  • CVE-2022-20089
    In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 224 | Replies: 0
  • CVE-2022-20090
    In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 136 | Replies: 0
  • CVE-2022-20091
    In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 142 | Replies: 0
