CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22922

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2021-46108

D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：18 | 回复：0
CVE-2022-25317

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2022-25318

An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2022-25319

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2022-25320

An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2022-25321

An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2020-8107

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：17 | 回复：0
CVE-2022-0660

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：18 | 回复：0
CVE-2021-46372

Scoold 1.47.2 is a QA/knowledge base platform written in Java. When writing a QA, the markdown editor is vulnerable to a XSS attack when using uppercase letters.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：19 | 回复：0
CVE-2022-25298

This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：19 | 回复：0
CVE-2022-25299

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：18 | 回复：0
CVE-2022-0451

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：18 | 回复：0
CVE-2022-0631

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：18 | 回复：0
CVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：22 | 回复：0
CVE-2022-0666

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：29 | 回复：0
CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：21 | 回复：0
CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：16 | 回复：0
CVE-2022-25323

ZEROF Web Server 2.0 allows /admin.back XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：16 | 回复：0
CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：15 | 回复：0
CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：12 | 回复：0
CVE-2020-25718

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2020-25722

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2020-8242

Unsanitized user input in ExpressionEngine = 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-20315

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the Application menu or Window list GNOME extensions are enabled. This flaw allows a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may le ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-20321

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-20322

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-20325

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Ent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-26618

An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-26619

An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2021-30650

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：8 | 回复：0
CVE-2021-38935

IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-39026

IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0
CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS ( ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：9 | 回复：0