CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1987

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2022-1988

Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2021-42884

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2021-42885

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2021-42886

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2021-42887

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2021-42888

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2021-42889

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2021-42890

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2021-42891

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2021-42892

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2021-42893

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2022-26493

Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2021-43271

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) log ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：24 | 回复：0
CVE-2022-29770

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：21 | 回复：0
CVE-2022-29773

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2022-29778

** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSet ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：27 | 回复：0
CVE-2022-29784

PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-32291

In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：24 | 回复：0
CVE-2022-32296

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2021-42245

FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-30860

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2022-30861

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-30863

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2021-41932

A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：13 | 回复：0
CVE-2021-39947

In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-1783

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：14 | 回复：0
CVE-2022-1821

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2022-1935

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：14 | 回复：0
CVE-2022-1936

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：11 | 回复：0
CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-1944

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-31479

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts produ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-31480

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelli ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：22 | 回复：0
CVE-2022-31481

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-31482

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-31484

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：12 | 回复：0
CVE-2022-31485

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelli ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0