CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0571

Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：16 | 回复：0
CVE-2022-0572

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-0575

Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-0576

Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2022-24110

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-24976

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2021-45420

** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2021-45421

** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the file ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-24686

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact int ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2021-46371

antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2021-45392

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：16 | 回复：0
CVE-2021-39079

IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2021-39080

Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programmin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2022-22854

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2022-23367

Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2021-45346

A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subse ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2021-45347

An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2022-0579

Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-25150

In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2019-16864

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：22 | 回复：0
CVE-2021-43106

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2021-45348

An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2022-24988

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2019-25057

In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2021-45310

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2022-22295

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2022-23335

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-23336

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-23337

DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2022-23389

PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-23390

An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2022-23391

A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2022-23637

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2022-23638

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-23902

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2022-24206

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2021-45005

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0