CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24367

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-24368

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-24369

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-24370

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-24971

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2021-40840

A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2021-40841

A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2021-46110

Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-23645

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted heade ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2021-29655

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2021-29656

Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-23649

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exist ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-23650

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-25358

A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2017-0371

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=background-image: attr(title u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：4 | 回复：0
CVE-2022-23642

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：5 | 回复：0
CVE-2021-44302

BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the #from MODULE import substring. ( ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：17 | 回复：0
CVE-2022-25130

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-25131

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-25132

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted M ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：17 | 回复：0
CVE-2022-25133

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2022-25134

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：10 | 回复：0
CVE-2022-25135

A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-25136

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：15 | 回复：0
CVE-2022-25137

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：16 | 回复：0
CVE-2022-25256

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：33 | 回复：0
CVE-2022-25365

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：21 | 回复：0
CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.al ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：20 | 回复：0
CVE-2022-24979

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：28 | 回复：0
CVE-2022-24980

An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：18 | 回复：0
CVE-2016-20013

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-0409

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：11 | 回复：0
CVE-2022-0678

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：16 | 回复：0
CVE-2022-0630

Out-of-bounds Read in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-0632

NULL Pointer Dereference in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：12 | 回复：0
CVE-2022-0689

Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-23375

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0
CVE-2022-23376

WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:31 | 阅读：13 | 回复：0