CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-44582

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：19 | 回复：0
CVE-2022-27502

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：20 | 回复：0
CVE-2022-31788

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0ClassID= pathname.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：20 | 回复：0
CVE-2022-32978

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：32 | 回复：0
CVE-2022-22426

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：26 | 回复：0
CVE-2022-22479

IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：24 | 回复：0
CVE-2022-30610

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An adm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：26 | 回复：0
CVE-2022-30611

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：20 | 回复：0
CVE-2022-31769

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：21 | 回复：0
CVE-2022-29948

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Norma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：20 | 回复：0
CVE-2022-31402

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：29 | 回复：0
CVE-2018-17240

There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：20 | 回复：0
CVE-2022-31282

Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：22 | 回复：0
CVE-2022-31285

An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：19 | 回复：0
CVE-2022-31287

An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：21 | 回复：0
CVE-2022-2042

Use After Free in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：18 | 回复：0
CVE-2022-21211

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with ty ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：19 | 回复：0
CVE-2022-24278

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：16 | 回复：0
CVE-2022-24376

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior (https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Plea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：18 | 回复：0
CVE-2022-24429

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：19 | 回复：0
CVE-2022-25845

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：21 | 回复：0
CVE-2022-25851

The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：21 | 回复：0
CVE-2022-25863

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：28 | 回复：0
CVE-2022-29092

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：24 | 回复：0
CVE-2022-29093

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：27 | 回复：0
CVE-2022-29094

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulner ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：51 | 回复：0
CVE-2022-29095

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticate ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：45 | 回复：0
CVE-2022-32981

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating poi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：31 | 回复：0
CVE-2021-41754

dynamicMarkt = 3.10 is affected by SQL injection in the parent parameter of index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：31 | 回复：0
CVE-2021-41755

dynamicMarkt = 3.10 is affected by SQL injection in the kat1 parameter of index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：41 | 回复：0
CVE-2021-41756

dynamicMarkt = 3.10 is affected by SQL injection in the kat parameter of index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：36 | 回复：0
CVE-2017-20037

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：56 | 回复：0
CVE-2017-20038

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：42 | 回复：0
CVE-2017-20039

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：84 | 回复：0
CVE-2017-20040

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：46 | 回复：0
CVE-2021-41502

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：53 | 回复：0
CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：45 | 回复：0
CVE-2021-44266

GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：45 | 回复：0
CVE-2022-30780

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disru ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：33 | 回复：0
CVE-2018-25034

A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：25 | 回复：0