CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-20102

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：85 | 回复：0
CVE-2022-20103

In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：61 | 回复：0
CVE-2022-20104

In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interacti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：83 | 回复：0
CVE-2022-20105

In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：118 | 回复：0
CVE-2022-20106

In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：145 | 回复：0
CVE-2022-20107

In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not neede ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：123 | 回复：0
CVE-2022-20108

In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interacti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：80 | 回复：0
CVE-2022-20111

In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：54 | 回复：0
CVE-2022-21743

In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：95 | 回复：0
CVE-2022-27413

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：44 | 回复：0
CVE-2021-43159

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：57 | 回复：0
CVE-2021-43160

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnos ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：40 | 回复：0
CVE-2021-43161

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：37 | 回复：0
CVE-2021-43162

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagno ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：59 | 回复：0
CVE-2021-43163

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：68 | 回复：0
CVE-2021-43164

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：51 | 回复：0
CVE-2022-24901

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：44 | 回复：0
CVE-2022-27420

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：43 | 回复：0
CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：51 | 回复：0
CVE-2022-27470

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：84 | 回复：0
CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：73 | 回复：0
CVE-2022-1502

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：51 | 回复：0
CVE-2022-1555

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：49 | 回复：0
CVE-2021-42192

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：34 | 回复：0
CVE-2022-1571

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：25 | 回复：0
CVE-2021-42185

wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：26 | 回复：0
CVE-2022-28096

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：28 | 回复：0
CVE-2022-28111

MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：25 | 回复：0
CVE-2021-32010

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All version ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：34 | 回复：0
CVE-2022-25778

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：36 | 回复：0
CVE-2022-25779

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：34 | 回复：0
CVE-2022-25780

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：36 | 回复：0
CVE-2022-25781

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：30 | 回复：0
CVE-2022-25782

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：54 | 回复：0
CVE-2022-25783

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：33 | 回复：0
CVE-2022-25784

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：33 | 回复：0
CVE-2022-25785

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：32 | 回复：0
CVE-2022-25787

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：26 | 回复：0
CVE-2022-1544

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:31 | 阅读：134 | 回复：0
CVE-2022-23060

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:31 | 阅读：129 | 回复：0