CVE Vulnerabilities

  • CVE-2020-19897
    A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:53 | Views: 103 | Replies: 0
  • CVE-2021-41559
    Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:53 | Views: 103 | Replies: 0
  • CVE-2022-24444
    Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:53 | Views: 97 | Replies: 0
  • CVE-2022-25238
    Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not install ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:53 | Views: 94 | Replies: 0
  • CVE-2022-29858
    Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:53 | Views: 107 | Replies: 0
  • CVE-2022-31884
    Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:53 | Views: 89 | Replies: 0
  • CVE-2021-3433
    Invalid channel map in CONNECT_IND results in Deadlock. Zephyr versions = v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproj ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 97 | Replies: 0
  • CVE-2021-3434
    Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions = v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advi ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 111 | Replies: 0
  • CVE-2021-3435
    Information leakage in le_ecred_conn_req(). Zephyr versions = v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 135 | Replies: 0
  • CVE-2022-2231
    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 190 | Replies: 0
  • CVE-2022-2246
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 133 | Replies: 0
  • CVE-2022-31883
    Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 138 | Replies: 0
  • CVE-2022-31885
    Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:52 | Views: 107 | Replies: 0
  • CVE-2022-31106
    Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An atta ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 75 | Replies: 0
  • CVE-2022-31108
    Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary ` ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 84 | Replies: 0
  • CVE-2022-31229
    Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive inf ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 74 | Replies: 0
  • CVE-2022-31230
    Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full sys ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 82 | Replies: 0
  • CVE-2021-3430
    Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions = v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/securit ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 85 | Replies: 0
  • CVE-2021-3431
    Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions = v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adviso ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 93 | Replies: 0
  • CVE-2021-3432
    Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisorie ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:51 | Views: 90 | Replies: 0
  • CVE-2022-31052
    Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse proce ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 75 | Replies: 0
  • CVE-2022-33108
    XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 74 | Replies: 0
  • CVE-2022-28621
    A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 70 | Replies: 0
  • CVE-2022-2145
    Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 76 | Replies: 0
  • CVE-2022-31056
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Pr ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 77 | Replies: 0
  • CVE-2022-31061
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 77 | Replies: 0
  • CVE-2022-31068
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inv ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:50 | Views: 76 | Replies: 0
  • CVE-2022-30560
    When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 70 | Replies: 0
  • CVE-2022-30561
    When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 54 | Replies: 0
  • CVE-2022-30562
    If the user enables the https function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 72 | Replies: 0
  • CVE-2022-30563
    When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 67 | Replies: 0
  • CVE-2022-0085
    Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 71 | Replies: 0
  • CVE-2021-3779
    A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 64 | Replies: 0
  • CVE-2021-40553
    piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 69 | Replies: 0
  • CVE-2022-0987
    A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and kn ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:49 | Views: 78 | Replies: 0
  • CVE-2021-41689
    DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:48 | Views: 55 | Replies: 0
  • CVE-2021-41690
    DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific reques ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:48 | Views: 77 | Replies: 0
  • CVE-2022-23896
    Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:48 | Views: 72 | Replies: 0
  • CVE-2022-29519
    Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products an ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:48 | Views: 62 | Replies: 0
  • CVE-2022-30707
    Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small ...
    Author: 菜鸟教程小白 | Time: 2022-7-7 08:48 | Views: 65 | Replies: 0
