CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27580

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：806 | 回复：0
CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：587 | 回复：0
CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：697 | 回复：0
CVE-2022-22358

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vu ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1302 | 回复：0
CVE-2022-22359

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmit ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：589 | 回复：0
CVE-2022-22360

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker coul ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：796 | 回复：0
CVE-2022-22416

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：645 | 回复：0
CVE-2022-22417

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alt ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：548 | 回复：0
CVE-2022-34001

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：589 | 回复：0
CVE-2022-34023

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：781 | 回复：0
CVE-2022-27373

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：616 | 回复：0
CVE-2022-2394

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：623 | 回复：0
CVE-2022-30570

The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1085 | 回复：0
CVE-2022-34024

Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：585 | 回复：0
CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：600 | 回复：0
CVE-2022-34025

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：524 | 回复：0
CVE-2022-36303

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：531 | 回复：0
CVE-2022-36304

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：535 | 回复：0
CVE-2022-36305

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：633 | 回复：0
CVE-2022-1920

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：562 | 回复：0
CVE-2022-1921

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1050 | 回复：0
CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a he ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：567 | 回复：0
CVE-2022-1923

DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwri ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：607 | 回复：0
CVE-2022-1924

DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：750 | 回复：0
CVE-2022-1925

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：521 | 回复：0
CVE-2022-2122

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：527 | 回复：0
CVE-2022-2476

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：497 | 回复：0
CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：552 | 回复：0
CVE-2022-34534

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：889 | 回复：0
CVE-2022-34535

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view internal paths and scripts via web files.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：568 | 回复：0
CVE-2022-34536

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：791 | 回复：0
CVE-2022-34537

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：808 | 回复：0
CVE-2022-34538

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：847 | 回复：0
CVE-2022-34539

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：728 | 回复：0
CVE-2022-34540

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. This vulnerability is exploitabl ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：572 | 回复：0
CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：559 | 回复：0
CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：725 | 回复：0
CVE-2022-21428

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1-12.4, 14.0-14.3 and ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1188 | 回复：0
CVE-2022-21429

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-1 ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1403 | 回复：0
CVE-2022-21432

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnera ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1599 | 回复：0