
CVE Vulnerabilities

  • CVE-2022-24982
    Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded strin ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-24983
    Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to u ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-24984
    Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occ ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-24985
    Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-25271
    Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-25270
    The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the access in-place editing permission viewing some content they are not authoriz ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-0622
    Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-22901
    There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-24953
    The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-0623
    Out-of-bounds Read in Homebrew mruby prior to 3.2.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2021-46368
    TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-0629
    Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-22899
    Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-23318
    A heap-buffer-overflow in pcf2bdf, versions = 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, in ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 6 | Replies: 0
  • CVE-2022-23319
    A segmentation fault during PCF file parsing in pcf2bdf versions =1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the s ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 8 | Replies: 0
  • CVE-2022-20653
    A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 9 | Replies: 0
  • CVE-2022-20659
    A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cr ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 8 | Replies: 0
  • CVE-2022-20750
    A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 9 | Replies: 0
  • CVE-2022-23632
    Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 9 | Replies: 0
  • CVE-2021-44868
    A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 9 | Replies: 0
  • CVE-2021-39034
    IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 9 | Replies: 0
  • CVE-2022-0638
    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 9 | Replies: 0
  • CVE-2022-24683
    HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 11 | Replies: 0
  • CVE-2022-0639
    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 13 | Replies: 0
  • CVE-2021-46247
    The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered from ASUS CMAX6000 v1.02.00.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 15 | Replies: 0
  • CVE-2022-0633
    The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2022-22912
    Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2014-8597
    A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 12 | Replies: 0
  • CVE-2021-45382
    A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 13 | Replies: 0
  • CVE-2021-46314
    A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backti ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2022-22914
    An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2022-23646
    Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2021-46315
    Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 15 | Replies: 0
  • CVE-2021-46319
    Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use \ or backticks to ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2022-22916
    O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 12 | Replies: 0
  • CVE-2021-3155
    snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been priv ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2021-44730
    snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binar ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 16 | Replies: 0
  • CVE-2021-44731
    A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their o ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 14 | Replies: 0
  • CVE-2021-4120
    snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content inter ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 21 | Replies: 0
  • CVE-2021-41599
    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permis ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:30 | Views: 28 | Replies: 0
