CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-32456

Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：850 | 回复：0
CVE-2022-32457

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：629 | 回复：0
CVE-2022-32458

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitra ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：773 | 回复：0
CVE-2022-32958

A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：747 | 回复：0
CVE-2022-32959

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An un ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：741 | 回复：0
CVE-2022-32960

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unaut ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：575 | 回复：0
CVE-2022-32961

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：867 | 回复：0
CVE-2022-32962

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, man ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：559 | 回复：0
CVE-2021-46828

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：604 | 回复：0
CVE-2022-33967

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a s ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：555 | 回复：0
CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious progra ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：841 | 回复：0
CVE-2022-31250

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keyli ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：988 | 回复：0
CVE-2022-2486

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument k ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：689 | 回复：0
CVE-2022-2487

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument st ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1096 | 回复：0
CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argumen ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：952 | 回复：0
CVE-2022-2489

A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：933 | 回复：0
CVE-2022-2490

A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：697 | 回复：0
CVE-2022-2491

A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：924 | 回复：0
CVE-2022-2492

A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argumen ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：793 | 回复：0
CVE-2021-31858

DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a cra ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：988 | 回复：0
CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1034 | 回复：0
CVE-2022-24659

Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：680 | 回复：0
CVE-2022-24660

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plai ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：802 | 回复：0
CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：717 | 回复：0
CVE-2022-36322

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：641 | 回复：0
CVE-2022-34599

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1017 | 回复：0
CVE-2022-34600

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：615 | 回复：0
CVE-2022-34601

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1045 | 回复：0
CVE-2022-34602

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1175 | 回复：0
CVE-2022-34603

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1206 | 回复：0
CVE-2022-34604

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /dotrace.asp.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：661 | 回复：0
CVE-2022-34605

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /dotrace.asp.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：662 | 回复：0
CVE-2022-34606

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditvsList parameter at /dotrace.asp.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1236 | 回复：0
CVE-2022-34607

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /doping.asp.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：667 | 回复：0
CVE-2022-34608

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：627 | 回复：0
CVE-2022-34609

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：689 | 回复：0
CVE-2022-34610

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：544 | 回复：0
CVE-2022-22202

An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：619 | 回复：0
CVE-2022-22203

An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platf ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：706 | 回复：0
CVE-2022-22204

An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：704 | 回复：0