CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2468

A vulnerability was found in SourceCodester Garage Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /editbrand.php. The manipulation of the argu ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：566 | 回复：0
CVE-2022-26113

An execution with unnecessary privileges vulnerability in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1221 | 回复：0
CVE-2022-27483

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and Fort ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：956 | 回复：0
CVE-2022-29057

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：698 | 回复：0
CVE-2022-29060

A use of hard-coded cryptographic key vulnerability in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：617 | 回复：0
CVE-2022-2453

Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：605 | 回复：0
CVE-2022-2454

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1018 | 回复：0
CVE-2022-30301

A path traversal vulnerability in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1029 | 回复：0
CVE-2022-30302

Multiple relative path traversal vulnerabilities in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to r ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：609 | 回复：0
CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch fu ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：788 | 回复：0
CVE-2022-1984

This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate pr ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1307 | 回复：0
CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to u ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：915 | 回复：0
CVE-2022-2192

Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This i ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1064 | 回复：0
CVE-2022-33673

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：609 | 回复：0
CVE-2022-33674

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：565 | 回复：0
CVE-2022-33675

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：600 | 回复：0
CVE-2022-33676

Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-33678.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：644 | 回复：0
CVE-2022-33677

Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：640 | 回复：0
CVE-2022-33678

Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-33676.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：621 | 回复：0
CVE-2022-35628

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：570 | 回复：0
CVE-2021-46827

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated usin ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：568 | 回复：0
CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracki ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：582 | 回复：0
CVE-2019-10761

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the sandboxed context by reaching the stack call limit with an infinite recursion ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：606 | 回复：0
CVE-2019-10800

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：550 | 回复：0
CVE-2020-35257

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：572 | 回复：0
CVE-2021-27294

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：791 | 回复：0
CVE-2020-35259

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：561 | 回复：0
CVE-2022-32274

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：602 | 回复：0
CVE-2022-32065

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：882 | 回复：0
CVE-2022-32073

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：597 | 回复：0
CVE-2022-32074

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to exe ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：983 | 回复：0
CVE-2022-32096

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：620 | 回复：0
CVE-2022-34358

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：586 | 回复：0
CVE-2017-20126

A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/passwo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：604 | 回复：0
CVE-2017-20127

A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password wit ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1241 | 回复：0
CVE-2017-20128

A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/password ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：656 | 回复：0
CVE-2022-28888

Spryker Commerce OS 1.4.2 allows Remote Command Execution.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：2129 | 回复：0
CVE-2022-20212

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution priv ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：893 | 回复：0
CVE-2022-20216

android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndr ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：727 | 回复：0
CVE-2022-20217

There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：698 | 回复：0