CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-34491

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-29969. Reason: This candidate is a duplicate of CVE-2022-29969. A typo caused the wrong ID to be used. Notes: All CVE users should r ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:27 | 阅读：61 | 回复：0
CVE-2022-34059

The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digit ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：51 | 回复：0
CVE-2022-34060

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as w ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：53 | 回复：0
CVE-2022-34061

The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：70 | 回复：0
CVE-2022-34064

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as esc ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：88 | 回复：0
CVE-2022-34065

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, a ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：82 | 回复：0
CVE-2022-34066

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：75 | 回复：0
CVE-2021-40894

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：60 | 回复：0
CVE-2022-33128

RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:26 | 阅读：55 | 回复：0
CVE-2022-33121

A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：54 | 回复：0
CVE-2022-33122

A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：55 | 回复：0
CVE-2022-34053

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and dig ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：53 | 回复：0
CVE-2022-34054

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and d ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：53 | 回复：0
CVE-2022-34055

The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital cu ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：63 | 回复：0
CVE-2022-34056

The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：56 | 回复：0
CVE-2022-34057

The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and d ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:25 | 阅读：57 | 回复：0
CVE-2022-32996

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user informat ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：49 | 回复：0
CVE-2022-32997

The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user inform ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：51 | 回复：0
CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive us ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：50 | 回复：0
CVE-2022-32999

The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digit ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：45 | 回复：0
CVE-2022-33000

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information an ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：56 | 回复：0
CVE-2022-33001

The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital cur ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：50 | 回复：0
CVE-2022-33002

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：50 | 回复：0
CVE-2022-33003

The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and d ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：51 | 回复：0
CVE-2022-33004

The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:24 | 阅读：50 | 回复：0
CVE-2022-29096

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：50 | 回复：0
CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：55 | 回复：0
CVE-2022-29578

Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：48 | 回复：0
CVE-2022-30028

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：50 | 回复：0
CVE-2022-33910

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：50 | 回复：0
CVE-2022-21231

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. **Note:** This vulnerability derives from an incomplete fix of (https://security.snyk.io/vul ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：52 | 回复：0
CVE-2022-30885

** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:23 | 阅读：53 | 回复：0
CVE-2021-38879

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：52 | 回复：0
CVE-2021-39408

Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：51 | 回复：0
CVE-2021-39409

A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：46 | 回复：0
CVE-2021-40893

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：50 | 回复：0
CVE-2021-42056

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrar ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：45 | 回复：0
CVE-2022-22389

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an au ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：55 | 回复：0
CVE-2022-22390

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:22 | 阅读：46 | 回复：0
CVE-2021-20355

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:21 | 阅读：44 | 回复：0