
CVE Vulnerabilities

  • CVE-2022-27782
    libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection po ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-28605
    LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-28690
    The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-28702
    Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of th ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-28799
    The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may all ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-28945
    An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29483
    Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of th ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29488
    The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29540
    resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input w ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29598
    Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29624
    An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29627
    An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29628
    A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parame ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29647
    An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29648
    A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29653
    OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29659
    Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29692
    Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29693
    Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29694
    Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29695
    Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29711
    LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29712
    LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29725
    An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29729
    Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the we ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29730
    USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29731
    An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29732
    Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to e ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29733
    Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie aut ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29734
    A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29735
    Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29776
    Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29777
    Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29779
    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29780
    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-29788
    libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-30034
    Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-30115
    Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-30277
    BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, i ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
  • CVE-2022-30324
    HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client ag ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:02 | Views: 7 | Replies: 0
