• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号
登陆 注册
OStack程序员社区-中国程序员成长平台 门户 漏洞CVE漏洞

CVE漏洞

RSS
  • CVE-2022-1055
    CVE-2022-1055
    A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:81 | 回复:0
  • CVE-2021-43701
    CVE-2021-43701
    CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS and orderby parameters.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:60 | 回复:0
  • CVE-2021-44081
    CVE-2021-44081
    A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:75 | 回复:0
  • CVE-2022-0343
    CVE-2022-0343
    A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is reco ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:81 | 回复:0
  • CVE-2022-0923
    CVE-2022-0923
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:197 | 回复:0
  • CVE-2022-1050
    CVE-2022-1050
    A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potential ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:85 | 回复:0
  • CVE-2022-22934
    CVE-2022-22934
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbi ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:84 | 回复:0
  • CVE-2022-22935
    CVE-2022-22935
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonat ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:56 | 回复:0
  • CVE-2022-22936
    CVE-2022-22936
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:64 | 回复:0
  • CVE-2022-22941
    CVE-2022-22941
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:60 | 回复:0
  • CVE-2022-25347
    CVE-2022-25347
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:84 | 回复:0
  • CVE-2022-25880
    CVE-2022-25880
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:79 | 回复:0
  • CVE-2022-25980
    CVE-2022-25980
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retr ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:74 | 回复:0
  • CVE-2022-26013
    CVE-2022-26013
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:72 | 回复:0
  • CVE-2022-26059
    CVE-2022-26059
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve a ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:62 | 回复:0
  • CVE-2022-26065
    CVE-2022-26065
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:60 | 回复:0
  • CVE-2022-26069
    CVE-2022-26069
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, re ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:67 | 回复:0
  • CVE-2022-26338
    CVE-2022-26338
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrie ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:66 | 回复:0
  • CVE-2022-26349
    CVE-2022-26349
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL q ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:45 | 回复:0
  • CVE-2022-26514
    CVE-2022-26514
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, re ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:56 | 回复:0
  • CVE-2022-26666
    CVE-2022-26666
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:63 | 回复:0
  • CVE-2022-26667
    CVE-2022-26667
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, r ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:54 | 回复:0
  • CVE-2022-26836
    CVE-2022-26836
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL quer ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:44 | 回复:0
  • CVE-2022-26839
    CVE-2022-26839
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:62 | 回复:0
  • CVE-2022-26887
    CVE-2022-26887
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ret ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:49 | 回复:0
  • CVE-2022-27175
    CVE-2022-27175
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:43 | 回复:0
  • CVE-2021-42970
    CVE-2021-42970
    Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:38 | 回复:0
  • CVE-2021-43109
    CVE-2021-43109
    An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:47 | 回复:0
  • CVE-2021-43110
    CVE-2021-43110
    An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:45 | 回复:0
  • CVE-2022-1122
    CVE-2022-1122
    A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:47 | 回复:0
  • CVE-2022-22948
    CVE-2022-22948
    The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:49 | 回复:0
  • CVE-2021-42911
    CVE-2021-42911
    A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:45 | 回复:0
  • CVE-2021-43118
    CVE-2021-43118
    A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:42 | 回复:0
  • CVE-2022-21821
    CVE-2022-21821
    NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted f ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:36 | 回复:0
  • CVE-2022-26871
    CVE-2022-26871
    An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:40 | 回复:0
  • CVE-2021-44082
    CVE-2021-44082
    textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshel ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:58 | 回复:0
  • CVE-2015-3298
    CVE-2015-3298
    Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:50 | 回复:0
  • CVE-2021-41594
    CVE-2021-41594
    In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:46 | 回复:0
  • CVE-2022-26244
    CVE-2022-26244
    A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sp ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:44 | 回复:0
  • CVE-2022-26947
    CVE-2022-26947
    Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:57 | 阅读:48 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap