CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22538

When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes tempor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：12 | 回复：0
CVE-2022-22539

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavai ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：11 | 回复：0
CVE-2022-22540

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：10 | 回复：0
CVE-2022-22542

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：10 | 回复：0
CVE-2022-22543

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NU ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：9 | 回复：0
CVE-2022-22544

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：7 | 回复：0
CVE-2022-22545

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 7 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：6 | 回复：0
CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：8 | 回复：0
CVE-2022-22779

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：7 | 回复：0
CVE-2022-22780

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：7 | 回复：0
CVE-2022-22807

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：8 | 回复：0
CVE-2022-22808

A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：10 | 回复：0
CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：16 | 回复：0
CVE-2022-22810

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：16 | 回复：0
CVE-2022-22811

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：19 | 回复：0
CVE-2022-22813

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they coul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the Site/Organization Name,Site Title and Site Header parameters while updating the site setting ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at theme ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：20 | 回复：0
CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the User-Agent header when logging in. When an administrator user visits the User Sessions tab, the JavaSc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：21 | 回复：0
CVE-2022-24310

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends mu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：20 | 回复：0
CVE-2022-24311

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2022-24312

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the contex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：25 | 回复：0
CVE-2022-24313

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a speciall ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：19 | 回复：0
CVE-2022-24314

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Prod ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：21 | 回复：0
CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA Syste ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：20 | 回复：0
CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System D ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：16 | 回复：0
CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: Clear ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2022-24319

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Pro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：15 | 回复：0
CVE-2022-24320

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affecte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：16 | 回复：0
CVE-2022-24321

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected P ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：15 | 回复：0
CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：14 | 回复：0
CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：15 | 回复：0
CVE-2022-24668

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：16 | 回复：0
CVE-2021-25992

In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：15 | 回复：0
CVE-2022-0558

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：17 | 回复：0
CVE-2021-45901

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：18 | 回复：0
CVE-2022-24111

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：18 | 回复：0
CVE-2021-31814

In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:28 | 阅读：16 | 回复：0