CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31486

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：11 | 回复：0
CVE-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-1966

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：12 | 回复：0
CVE-2022-21745

In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotsp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：24 | 回复：0
CVE-2022-21746

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-21747

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-21748

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-21749

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-21750

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：13 | 回复：0
CVE-2022-21751

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：14 | 回复：0
CVE-2022-21752

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：9 | 回复：0
CVE-2022-21753

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：14 | 回复：0
CVE-2022-21754

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-21755

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is no ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：14 | 回复：0
CVE-2022-21756

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is no ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-21757

In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not nee ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2022-21758

In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2022-21759

In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：14 | 回复：0
CVE-2022-21760

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：21 | 回复：0
CVE-2022-21761

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-21762

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：17 | 回复：0
CVE-2022-23712

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network req ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2022-28224

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a pri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：21 | 回复：0
CVE-2022-1550

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2022-22396

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP creden ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-30586

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-31493

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：16 | 回复：0
CVE-2022-31768

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete info ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：15 | 回复：0
CVE-2022-32275

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：21 | 回复：0
CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：23 | 回复：0
CVE-2022-29617

Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：21 | 回复：0
CVE-2022-30587

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：19 | 回复：0
CVE-2022-31492

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：18 | 回复：0
CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：21 | 回复：0
CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter metadata in `/?module=filemansection=getpage=grid` leads to SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：22 | 回复：0
CVE-2022-31498

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：22 | 回复：0
CVE-2022-32511

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：27 | 回复：0
CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：20 | 回复：0
CVE-2022-28051

The Add category functionality inside the Global Keywords menu in SeedDMS version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：28 | 回复：0
CVE-2022-28478

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The Remove file functionality inside the Log files management menu does not sanitize user input allowing attackers with admin privilege ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：28 | 回复：0