CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43478

A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：441 | 回复：0
CVE-2021-43484

A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：416 | 回复：0
CVE-2021-43479

A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：411 | 回复：0
CVE-2021-43707

Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：397 | 回复：0
CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：487 | 回复：0
CVE-2022-26546

Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：401 | 回复：0
CVE-2021-46439

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation show……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：410 | 回复：0
CVE-2022-24758

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：464 | 回复：0
CVE-2022-24791

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interrup ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：478 | 回复：0
CVE-2022-24794

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authR ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：492 | 回复：0
CVE-2022-24796

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：467 | 回复：0
CVE-2022-24797

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak pot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：564 | 回复：0
CVE-2022-24798

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` obje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：877 | 回复：0
CVE-2022-27049

Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：549 | 回复：0
CVE-2022-27050

BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：487 | 回复：0
CVE-2022-27052

FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：456 | 回复：0
CVE-2022-27963

Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：446 | 回复：0
CVE-2022-27964

Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：532 | 回复：0
CVE-2022-27965

Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：444 | 回复：0
CVE-2022-27966

Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：521 | 回复：0
CVE-2022-24802

deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecord ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：426 | 回复：0
CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：402 | 回复：0
CVE-2022-0551

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：86 | 回复：0
CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：74 | 回复：0
CVE-2021-43084

An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：45 | 回复：0
CVE-2021-43085

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：50 | 回复：0
CVE-2021-43666

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE-2022-22374

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2022-24769

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：34 | 回复：0
CVE-2022-24776

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login pag ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE-2022-24781

Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2022-24782

Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：35 | 回复：0
CVE-2022-25571

Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via uns ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE-2022-25575

Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, passwo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：41 | 回复：0
CVE-2022-26249

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：48 | 回复：0
CVE-2022-26272

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE-2022-26279

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE-2022-26301

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：35 | 回复：0
CVE-2022-25576

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：53 | 回复：0
CVE-2022-22687

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：96 | 回复：0