CVE Vulnerabilities

  • CVE-2022-34265
    An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name valu ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 1278 | Replies: 0
  • CVE-2022-31599
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 577 | Replies: 0
  • CVE-2022-31600
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 746 | Replies: 0
  • CVE-2022-31601
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of serv ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 997 | Replies: 0
  • CVE-2022-31602
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to c ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 930 | Replies: 0
  • CVE-2022-31603
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 603 | Replies: 0
  • CVE-2022-34829
    Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 1034 | Replies: 0
  • CVE-2022-34918
    An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a differe ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 1286 | Replies: 0
  • CVE-2022-2306
    Old session tokens can be used to authenticate to the application and send authenticated requests.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 641 | Replies: 0
  • CVE-2022-2309
    NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlie ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 578 | Replies: 0
  • CVE-2022-2097
    AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data tha ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 565 | Replies: 0
  • CVE-2021-43702
    ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly, if an attacker was able to change the SSID of the rou ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 831 | Replies: 0
  • CVE-2022-30289
    A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 647 | Replies: 0
  • CVE-2022-26365
    Linux disk/nic frontends data leaks: Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 468 | Replies: 0
  • CVE-2022-2304
    Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 690 | Replies: 0
  • CVE-2022-30290
    In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their reg ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 1206 | Replies: 0
  • CVE-2022-33740
    Linux disk/nic frontends data leaks: Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 2089 | Replies: 0
  • CVE-2022-33741
    Linux disk/nic frontends data leaks: Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 618 | Replies: 0
  • CVE-2022-33742
    Linux disk/nic frontends data leaks: Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 502 | Replies: 0
  • CVE-2022-33743
    Network backend may cause Linux netfront to use freed SKBs: While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retaine ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 560 | Replies: 0
  • CVE-2022-33744
    Arm guests can cause Dom0 DoS via PV devices: When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely w ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 540 | Replies: 0
  • CVE-2021-43116
    An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malic ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 814 | Replies: 0
  • CVE-2022-31836
    The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 543 | Replies: 0
  • CVE-2022-31770
    IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 502 | Replies: 0
  • CVE-2022-34876
    SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 460 | Replies: 0
  • CVE-2022-34877
    SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, al ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 602 | Replies: 0
  • CVE-2022-34878
    SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the compl ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 500 | Replies: 0
  • CVE-2022-34879
    Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affec ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 688 | Replies: 0
  • CVE-2021-44915
    Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 452 | Replies: 0
  • CVE-2022-31014
    Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backen ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 583 | Replies: 0
  • CVE-2022-31116
    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped su ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 557 | Replies: 0
  • CVE-2022-31117
    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause th ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 457 | Replies: 0
  • CVE-2022-33075
    A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 712 | Replies: 0
  • CVE-2022-2321
    Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 1189 | Replies: 0
  • CVE-2022-31856
    Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 1149 | Replies: 0
  • CVE-2022-32310
    An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 706 | Replies: 0
  • CVE-2022-32311
    Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 808 | Replies: 0
  • CVE-2022-32413
    An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 672 | Replies: 0
  • CVE-2022-34972
    So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=ext ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 777 | Replies: 0
  • CVE-2022-22681
    Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 895 | Replies: 0
