CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2017-20084

A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Addre ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：266 | 回复：0
CVE-2022-23056

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：250 | 回复：0
CVE-2022-23057

In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：255 | 回复：0
CVE-2022-23058

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：284 | 回复：0
CVE-2022-23055

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：270 | 回复：0
CVE-2022-21952

An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to D ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：315 | 回复：0
CVE-2022-31248

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Mana ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：317 | 回复：0
CVE-2022-23077

In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：313 | 回复：0
CVE-2022-23078

In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：297 | 回复：0
CVE-2022-2174

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：326 | 回复：0
CVE-2022-23079

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：352 | 回复：0
CVE-2022-20651

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：355 | 回复：0
CVE-2022-32549

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：345 | 回复：0
CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：296 | 回复：0
CVE-2022-23081

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：296 | 回复：0
CVE-2022-32159

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：288 | 回复：0
CVE-2022-20186

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional executi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE-2022-20188

Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE-2022-20190

Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：20 | 回复：0
CVE-2022-20191

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE-2022-20192

In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2022-20193

In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE-2022-20194

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE-2022-20195

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. Us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE-2022-20196

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interactio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE-2022-20197

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional executi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE-2022-20198

In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE-2022-20200

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE-2022-20201

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges need ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE-2022-20202

In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no ad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE-2022-20204

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：19 | 回复：0
CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE-2022-20206

In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：20 | 回复：0
CVE-2022-20207

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：31 | 回复：0
CVE-2022-20208

In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges neede ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：34 | 回复：0
CVE-2022-20209

In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional executio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：29 | 回复：0
CVE-2022-20210

The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：26 | 回复：0
CVE-2022-20233

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：23 | 回复：0
CVE-2022-27859

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin = 2.0 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2022-29406

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin = 1.6.9 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：21 | 回复：0