CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-30997

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuratio ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：75 | 回复：0
CVE-2022-34750

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larg ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：76 | 回复：0
CVE-2022-23763

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access craft ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:48 | 阅读：68 | 回复：0
CVE-2021-40607

The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：49 | 回复：0
CVE-2021-40608

The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：54 | 回复：0
CVE-2021-40609

The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：55 | 回复：0
CVE-2021-40943

In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：52 | 回复：0
CVE-2021-40944

In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of serv ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：52 | 回复：0
CVE-2021-41460

ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：59 | 回复：0
CVE-2021-41687

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb progra ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：59 | 回复：0
CVE-2021-41688

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incu ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:47 | 阅读：65 | 回复：0
CVE-2022-34134

Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：42 | 回复：0
CVE-2017-20104

A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：49 | 回复：0
CVE-2017-20105

A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：44 | 回复：0
CVE-2017-20106

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：51 | 回复：0
CVE-2017-20107

A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local acce ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：52 | 回复：0
CVE-2022-0624

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：49 | 回复：0
CVE-2021-40606

The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:46 | 阅读：49 | 回复：0
CVE-2022-31101

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is f ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：42 | 回复：0
CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：48 | 回复：0
CVE-2022-32994

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：41 | 回复：0
CVE-2022-32995

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：46 | 回复：0
CVE-2022-33009

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：46 | 回复：0
CVE-2022-31104

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lower ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：41 | 回复：0
CVE-2022-34132

Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：47 | 回复：0
CVE-2022-34133

Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:45 | 阅读：50 | 回复：0
CVE-2022-31096

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere t ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：70 | 回复：0
CVE-2022-31098

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：53 | 回复：0
CVE-2022-31100

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contain ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：61 | 回复：0
CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：46 | 回复：0
CVE-2022-33007

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：45 | 回复：0
CVE-2022-33879

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the Standa ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：48 | 回复：0
CVE-2022-31099

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expr ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:44 | 阅读：48 | 回复：0
CVE-2022-31094

ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects fea ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：60 | 回复：0
CVE-2022-33005

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload i ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：54 | 回复：0
CVE-2022-33116

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：64 | 回复：0
CVE-2017-20103

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/o ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：59 | 回复：0
CVE-2022-31090

Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` opt ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：55 | 回复：0
CVE-2022-31091

Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：57 | 回复：0
CVE-2022-31092

Pimcore is an Open Source Data Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results ba ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:43 | 阅读：59 | 回复：0