CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2406

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing lar ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：574 | 回复：0
CVE-2022-2408

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：644 | 回复：0
CVE-2022-31142

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attac ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：791 | 回复：0
CVE-2021-26382

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for auth ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：845 | 回复：0
CVE-2021-26384

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：617 | 回复：0
CVE-2021-4135

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being cal ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1124 | 回复：0
CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：838 | 回复：0
CVE-2022-31147

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) whe ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：663 | 回复：0
CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptograph ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1047 | 回复：0
CVE-2022-32297

Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：997 | 回复：0
CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：668 | 回复：0
CVE-2022-32317

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：579 | 回复：0
CVE-2022-32318

Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：563 | 回复：0
CVE-2022-32323

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：761 | 回复：0
CVE-2022-32389

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1429 | 回复：0
CVE-2022-32406

GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：670 | 回复：0
CVE-2022-32409

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：979 | 回复：0
CVE-2022-32415

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_productid=.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：645 | 回复：0
CVE-2022-32416

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：582 | 回复：0
CVE-2022-32417

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1173 | 回复：0
CVE-2022-32425

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：769 | 回复：0
CVE-2022-34092

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：723 | 回复：0
CVE-2022-34093

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1070 | 回复：0
CVE-2022-34094

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：641 | 回复：0
CVE-2022-2418

A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1483 | 回复：0
CVE-2022-2419

A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestric ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：564 | 回复：0
CVE-2022-2420

A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted uplo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：488 | 回复：0
CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1361 | 回复：0
CVE-2022-29890

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1208 | 回复：0
CVE-2020-35261

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：605 | 回复：0
CVE-2020-36550

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：614 | 回复：0
CVE-2020-36551

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：613 | 回复：0
CVE-2020-36552

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：538 | 回复：0
CVE-2020-36553

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：953 | 回复：0
CVE-2021-36461

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1369 | 回复：0
CVE-2022-30242

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：622 | 回复：0
CVE-2022-30243

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A use ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1140 | 回复：0
CVE-2022-30244

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verif ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1063 | 回复：0
CVE-2022-30245

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user wit ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：937 | 回复：0
CVE-2022-31097

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：544 | 回复：0