漏洞 - 第32页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-42923

ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. Th ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：555 | 回复：0
CVE漏洞

CVE-2021-41419

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1055 | 回复：0
CVE漏洞

CVE-2021-40874

An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) an ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：979 | 回复：0
CVE漏洞

CVE-2020-23563

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：586 | 回复：0
CVE漏洞

CVE-2020-23562

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：974 | 回复：0
CVE漏洞

CVE-2020-23561

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：524 | 回复：0
CVE漏洞

CVE-2020-16093

In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LD ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：539 | 回复：0
CVE漏洞

CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：608 | 回复：0
CVE漏洞

CVE-2022-32985

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：694 | 回复：0
CVE漏洞

CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：904 | 回复：0
CVE漏洞

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line i ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：612 | 回复：0
CVE漏洞

CVE-2022-31211

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：728 | 回复：0
CVE漏洞

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be d ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：650 | 回复：0
CVE漏洞

CVE-2022-31209

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：607 | 回复：0
CVE漏洞

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：696 | 回复：0
CVE漏洞

CVE-2022-31202

The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：643 | 回复：0
CVE漏洞

CVE-2022-31201

SoftGuard Web (SGW) before 5.1.5 allows HTML injection.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：572 | 回复：0
CVE漏洞

CVE-2022-30982

An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：802 | 回复：0
CVE漏洞

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：599 | 回复：0
CVE漏洞

CVE-2022-28809

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An atta ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：888 | 回复：0
CVE漏洞

CVE-2022-28808

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：975 | 回复：0
CVE漏洞

CVE-2022-28807

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacke ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：621 | 回复：0
CVE漏洞

CVE-2022-26482

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：613 | 回复：0
CVE漏洞

CVE-2022-26481

An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1440 | 回复：0
CVE漏洞

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentic ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：662 | 回复：0
CVE漏洞

CVE-2021-40150

The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entir ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1139 | 回复：0
CVE漏洞

CVE-2022-32263

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1461 | 回复：0
CVE漏洞

CVE-2022-29286

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1472 | 回复：0
CVE漏洞

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows direc ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：803 | 回复：0
CVE漏洞

CVE-2021-46784

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：555 | 回复：0
CVE漏洞

CVE-2021-40149

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：870 | 回复：0
CVE漏洞

CVE-2022-30622

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - T ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：611 | 回复：0
CVE漏洞

CVE-2022-27937

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1537 | 回复：0
CVE漏洞

CVE-2022-27936

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1492 | 回复：0
CVE漏洞

CVE-2022-27935

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1330 | 回复：0
CVE漏洞

CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1307 | 回复：0
CVE漏洞

CVE-2022-27933

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1744 | 回复：0
CVE漏洞

CVE-2022-27932

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1774 | 回复：0
CVE漏洞

CVE-2022-27931

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1770 | 回复：0
CVE漏洞

CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1776 | 回复：0