CVE Vulnerabilities

  • CVE-2022-25363
    WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS befo ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 15 | Replies: 0
  • CVE-2022-25401
    The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 15 | Replies: 0
  • CVE-2022-25402
    An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 13 | Replies: 0
  • CVE-2022-25403
    HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
  • CVE-2022-25404
    Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 13 | Replies: 0
  • CVE-2022-25405
    Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 14 | Replies: 0
  • CVE-2022-25406
    Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2022-25414
    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 15 | Replies: 0
  • CVE-2022-25417
    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 16 | Replies: 0
  • CVE-2022-25418
    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 16 | Replies: 0
  • CVE-2022-25636
    net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 17 | Replies: 0
  • CVE-2022-25638
    In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certifi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 20 | Replies: 0
  • CVE-2022-25640
    In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 17 | Replies: 0
  • CVE-2022-25643
    seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 17 | Replies: 0
  • CVE-2022-25809
    Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attac ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 20 | Replies: 0
  • CVE-2022-25838
    Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the OT part of the TOTP concept.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 19 | Replies: 0
  • CVE-2022-0732
    The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerab ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 24 | Replies: 0
  • CVE-2022-24687
    HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 23 | Replies: 0
  • CVE-2022-24707
    Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in v ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 25 | Replies: 0
  • CVE-2022-24708
    Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 27 | Replies: 0
  • CVE-2021-38994
    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 27 | Replies: 0
  • CVE-2021-38995
    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 32 | Replies: 0
  • CVE-2021-39038
    IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a v ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 34 | Replies: 0
  • CVE-2022-22349
    IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import i ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 45 | Replies: 0
  • CVE-2022-22793
    Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to: /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCODED PATH and by doing that, the att ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 63 | Replies: 0
  • CVE-2022-22794
    Cybonet - PineApp Mail Relay Unauthenticated SQL Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 210 | Replies: 0
  • CVE-2020-10632
    Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an un ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 74 | Replies: 0
  • CVE-2020-10635
    Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 41 | Replies: 0
  • CVE-2020-10636
    Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 60 | Replies: 0
  • CVE-2020-10640
    Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 27 | Replies: 0
  • CVE-2020-14478
    A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a d ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 28 | Replies: 0
  • CVE-2020-14480
    Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 38 | Replies: 0
  • CVE-2020-14481
    The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 26 | Replies: 0
  • CVE-2020-14502
    The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, co ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 36 | Replies: 0
  • CVE-2020-14504
    The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 16 | Replies: 0
  • CVE-2021-26252
    A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 11 | Replies: 0
  • CVE-2021-3596
    A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCrea ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 17 | Replies: 0
  • CVE-2021-3607
    An integer overflow was found in the QEMU implementation of VMware's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a PVRDMA_REG_DSRHIGH write from the guest d ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 14 | Replies: 0
  • CVE-2021-3608
    A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a PVRDMA_REG_DSRHIGH write from the guest and may result ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 12 | Replies: 0
  • CVE-2021-3610
    A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array siz ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:31 | Views: 10 | Replies: 0
