CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22205

A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthent ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：659 | 回复：0
CVE-2022-22206

A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when speci ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：732 | 回复：0
CVE-2022-22207

A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1224 | 回复：0
CVE-2022-22209

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On al ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：806 | 回复：0
CVE-2022-22210

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denia ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：709 | 回复：0
CVE-2022-22212

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated network based attacker to cause ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1032 | 回复：0
CVE-2022-22213

A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to cr ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：812 | 回复：0
CVE-2022-22214

An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：603 | 回复：0
CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authent ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：564 | 回复：0
CVE-2022-22216

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：565 | 回复：0
CVE-2022-22217

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial o ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：540 | 回复：0
CVE-2022-22221

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privilege ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1402 | 回复：0
CVE-2022-1264

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：811 | 回复：0
CVE-2022-1766

Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1069 | 回复：0
CVE-2022-2107

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tr ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：671 | 回复：0
CVE-2022-2141

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：921 | 回复：0
CVE-2022-2179

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：653 | 回复：0
CVE-2022-2199

The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：622 | 回复：0
CVE-2022-33944

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：602 | 回复：0
CVE-2022-34150

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without furthe ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：622 | 回复：0
CVE-2022-29834

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：602 | 回复：0
CVE-2022-33315

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated att ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：603 | 回复：0
CVE-2022-33316

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated att ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：596 | 回复：0
CVE-2022-33317

Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：561 | 回复：0
CVE-2022-33318

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticat ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：729 | 回复：0
CVE-2022-33319

Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：635 | 回复：0
CVE-2022-33320

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated att ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：897 | 回复：0
CVE-2022-34042

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：767 | 回复：0
CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：597 | 回复：0
CVE-2022-34046

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for .……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：515 | 回复：0
CVE-2022-34047

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for .……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：662 | 回复：0
CVE-2022-34048

Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：1072 | 回复：0
CVE-2022-34049

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：646 | 回复：0
CVE-2021-29755

IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：710 | 回复：0
CVE-2021-38936

IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. IBM X-Force ID: 210893.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：666 | 回复：0
CVE-2022-22424

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：965 | 回复：0
CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：654 | 回复：0
CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：676 | 回复：0
CVE-2022-26138

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded pa ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：594 | 回复：0
CVE-2022-35569

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a cra ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:17 | 阅读：824 | 回复：0