CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26497

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the Share room access dialog ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：101 | 回复：0
CVE-2022-26944

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：69 | 回复：0
CVE-2022-29597

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：111 | 回复：0
CVE-2022-29704

BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：78 | 回复：0
CVE-2022-30429

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：73 | 回复：0
CVE-2022-31023

Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, sho ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：78 | 回复：0
CVE-2022-32019

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：81 | 回复：0
CVE-2021-42875

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：100 | 回复：0
CVE-2022-31024

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Off ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：146 | 回复：0
CVE-2021-33473

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：321 | 回复：0
CVE-2021-42877

TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：150 | 回复：0
CVE-2022-22556

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：112 | 回复：0
CVE-2022-22557

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulne ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：74 | 回复：0
CVE-2022-26866

Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：55 | 回复：0
CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：54 | 回复：0
CVE-2022-26868

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：48 | 回复：0
CVE-2022-26869

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：42 | 回复：0
CVE-2022-29084

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：36 | 回复：0
CVE-2022-29085

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：32 | 回复：0
CVE-2022-29718

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：30 | 回复：0
CVE-2022-32250

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check le ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：30 | 回复：0
CVE-2022-31459

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：37 | 回复：0
CVE-2022-31460

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：28 | 回复：0
CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-31462

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：33 | 回复：0
CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-29594

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：24 | 回复：0
CVE-2022-30232

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configur ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：23 | 回复：0
CVE-2022-30233

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Prod ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：25 | 回复：0
CVE-2022-30234

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 EER21001 (V4. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：25 | 回复：0
CVE-2022-30235

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER210 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：33 | 回复：0
CVE-2022-30236

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 E ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：22 | 回复：0
CVE-2022-30237

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, E ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-30238

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 EER210 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2022-29767

adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：24 | 回复：0
CVE-2022-32265

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：24 | 回复：0
CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2022-32269

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2022-32270

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to pl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2022-32271

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is pos ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0