CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26948

The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：74 | 回复：0
CVE-2022-26949

Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain acc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：60 | 回复：0
CVE-2022-26950

Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：53 | 回复：0
CVE-2022-26951

Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim applica ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：49 | 回复：0
CVE-2022-27432

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：77 | 回复：0
CVE-2022-27815

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：52 | 回复：0
CVE-2020-24769

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：60 | 回复：0
CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：54 | 回复：0
CVE-2020-24771

Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：68 | 回复：0
CVE-2022-24693

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The cre ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：67 | 回复：0
CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：61 | 回复：0
CVE-2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：65 | 回复：0
CVE-2022-1163

Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：51 | 回复：0
CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：72 | 回复：0
CVE-2022-28206

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：66 | 回复：0
CVE-2022-28209

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：52 | 回复：0
CVE-2022-1172

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：55 | 回复：0
CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：74 | 回复：0
CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：217 | 回复：0
CVE-2022-23868

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：115 | 回复：0
CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：94 | 回复：0
CVE-2022-1154

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：59 | 回复：0
CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：57 | 回复：0
CVE-2022-1179

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：53 | 回复：0
CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：50 | 回复：0
CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：56 | 回复：0
CVE-2022-24131

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：69 | 回复：0
CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：73 | 回复：0
CVE-2022-25619

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：62 | 回复：0
CVE-2022-25620

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：51 | 回复：0
CVE-2020-35501

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：45 | 回复：0
CVE-2021-1000

In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no addi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：45 | 回复：0
CVE-2021-1033

In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：44 | 回复：0
CVE-2021-23850

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：39 | 回复：0
CVE-2021-23851

A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：41 | 回复：0
CVE-2021-39739

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：34 | 回复：0
CVE-2021-39740

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：46 | 回复：0
CVE-2021-39741

In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：37 | 回复：0
CVE-2021-39742

In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges need ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：37 | 回复：0
CVE-2021-39743

In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：46 | 回复：0