CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21393

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attac ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：47 | 回复：0
CVE-2022-21394

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low pri ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：39 | 回复：0
CVE-2022-21395

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：36 | 回复：0
CVE-2022-21396

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：38 | 回复：0
CVE-2022-21397

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：37 | 回复：0
CVE-2022-21398

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：34 | 回复：0
CVE-2022-21399

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：36 | 回复：0
CVE-2022-21400

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：32 | 回复：0
CVE-2022-21401

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：29 | 回复：0
CVE-2022-21402

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：29 | 回复：0
CVE-2022-21403

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：30 | 回复：0
CVE-2021-38787

There is an integer overflow in the ION driver /dev/ion of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd COMPAT_ION_IOC_SUNXI_FLUSH_RANGE to cause a system crash (denial of servic ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：27 | 回复：0
CVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：27 | 回复：0
CVE-2021-46104

An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：33 | 回复：0
CVE-2021-44837

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/r ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：34 | 回复：0
CVE-2021-46030

There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS = v2. By entering specific statements into the background tag management module, the attack statement will be stored in the d ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：30 | 回复：0
CVE-2021-38788

The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of application ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：31 | 回复：0
CVE-2022-22310

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：35 | 回复：0
CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a dif ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：140 | 回复：0
CVE-2021-33912

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：41 | 回复：0
CVE-2021-33913

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：47 | 回复：0
CVE-2021-42810

A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：65 | 回复：0
CVE-2021-44299

A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted pay ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：59 | 回复：0
CVE-2021-46203

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：127 | 回复：0
CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：64 | 回复：0
CVE-2022-0274

Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：43 | 回复：0
CVE-2021-38789

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings. ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：44 | 回复：0
CVE-2022-0243

Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：35 | 回复：0
CVE-2022-22769

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO E ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：33 | 回复：0
CVE-2021-23225

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the new_username field during creation of a new user via Copy method at user_admin.ph ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：33 | 回复：0
CVE-2021-23842

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic betw ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：37 | 回复：0
CVE-2021-23843

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：40 | 回复：0
CVE-2021-26247

As an unauthenticated remote user, visit http://CACTI_SERVER/auth_changepassword.php?ref=scriptalert(1)/script to successfully execute the JavaScript payload present in the ref URL parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：23 | 回复：0
CVE-2021-3816

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via Copy method at user_group_admin.php.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：27 | 回复：0
CVE-2021-44777

Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions = 5.2.6).……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：29 | 回复：0
CVE-2022-23045

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the Site title parameter while updating the site settings. The Site title setting is injected in several l ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：37 | 回复：0
CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the subnet parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：36 | 回复：0
CVE-2022-21679

Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or r ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：46 | 回复：0
CVE-2022-21699

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：41 | 回复：0
CVE-2022-21701

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gate ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:08 | 阅读：55 | 回复：0