CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-25803

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：995 | 回复：0
CVE-2022-2396

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipu ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1004 | 回复：0
CVE-2022-28369

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/func ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1007 | 回复：0
CVE-2022-28370

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_ ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：630 | 回复：0
CVE-2022-28371

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is emb ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：674 | 回复：0
CVE-2022-28372

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crt ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：553 | 回复：0
CVE-2022-28373

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.l ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：649 | 回复：0
CVE-2022-28374

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：593 | 回复：0
CVE-2022-28375

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：642 | 回复：0
CVE-2022-28377

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This pass ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：660 | 回复：0
CVE-2022-30113

Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：617 | 回复：0
CVE-2022-30024

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：810 | 回复：0
CVE-2020-14127

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：585 | 回复：0
CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthoriz ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：779 | 回复：0
CVE-2022-28876

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit ca ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1805 | 回复：0
CVE-2022-29593

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：586 | 回复：0
CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：594 | 回复：0
CVE-2022-32210

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：638 | 回复：0
CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly ch ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：632 | 回复：0
CVE-2022-32213

The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：701 | 回复：0
CVE-2022-32214

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：733 | 回复：0
CVE-2022-32215

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：647 | 回复：0
CVE-2022-32222

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-ad ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：632 | 回复：0
CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Window ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：798 | 回复：0
CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by conv ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1017 | 回复：0
CVE-2021-45492

In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this direct ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：586 | 回复：0
CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：907 | 回复：0
CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the so ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：551 | 回复：0
CVE-2021-39017

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 2 ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：574 | 回复：0
CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the syst ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：718 | 回复：0
CVE-2021-39019

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：592 | 回复：0
CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：960 | 回复：0
CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：596 | 回复：0
CVE-2022-22477

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：609 | 回复：0
CVE-2022-35283

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：585 | 回复：0
CVE-2022-22450

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1190 | 回复：0
CVE-2022-22452

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：600 | 回复：0
CVE-2022-22453

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：638 | 回复：0
CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1840 | 回复：0
CVE-2022-2401

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：595 | 回复：0