CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31157

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographicall ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：577 | 回复：0
CVE-2022-31158

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：603 | 回复：0
CVE-2022-31159

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of th ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1477 | 回复：0
CVE-2021-34986

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1140 | 回复：0
CVE-2021-34987

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged cod ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：880 | 回复：0
CVE-2022-25858

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1243 | 回复：0
CVE-2022-25869

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of textarea elements.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：798 | 回复：0
CVE-2022-25891

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：821 | 回复：0
CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：514 | 回复：0
CVE-2022-31161

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：524 | 回复：0
CVE-2022-32434

EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：624 | 回复：0
CVE-2022-35900

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file conta ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：551 | 回复：0
CVE-2022-2363

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/a ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：620 | 回复：0
CVE-2022-2364

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulati ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：564 | 回复：0
CVE-2020-4157

IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to extern ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：581 | 回复：0
CVE-2020-4159

IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：552 | 回复：0
CVE-2021-39041

IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：611 | 回复：0
CVE-2022-25875

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Renderi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：587 | 回复：0
CVE-2022-29900

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：536 | 回复：0
CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：641 | 回复：0
CVE-2022-2385

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：533 | 回复：0
CVE-2022-24800

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：1085 | 回复：0
CVE-2011-4916

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：1093 | 回复：0
CVE-2022-1025

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：790 | 回复：0
CVE-2022-1737

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：755 | 回复：0
CVE-2022-22997

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Ho ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：1051 | 回复：0
CVE-2022-22998

Implemented protections on AWS credentials that were not properly protected.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：686 | 回复：0
CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：691 | 回复：0
CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsus ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：639 | 回复：0
CVE-2022-29619

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which woul ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：981 | 回复：0
CVE-2022-2211

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：633 | 回复：0
CVE-2022-31012

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.ex ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：655 | 回复：0
CVE-2022-31134

Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to downl ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：645 | 回复：0
CVE-2022-31591

SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：624 | 回复：0
CVE-2022-31592

The application SAP Enterprise Extension Defense Forces Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：618 | 回复：0
CVE-2022-31593

SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：639 | 回复：0
CVE-2022-31597

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：646 | 回复：0
CVE-2022-31598

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an at ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：582 | 回复：0
CVE-2022-31654

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：615 | 回复：0
CVE-2022-31655

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:14 | 阅读：721 | 回复：0