漏洞 - 第37页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by conv ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1102 | 回复：0
CVE漏洞

CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Window ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：817 | 回复：0
CVE漏洞

CVE-2022-32222

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-ad ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：651 | 回复：0
CVE漏洞

CVE-2022-32215

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：666 | 回复：0
CVE漏洞

CVE-2022-32214

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：762 | 回复：0
CVE漏洞

CVE-2022-32213

The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：730 | 回复：0
CVE漏洞

CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly ch ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：650 | 回复：0
CVE漏洞

CVE-2022-32210

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：658 | 回复：0
CVE漏洞

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：615 | 回复：0
CVE漏洞

CVE-2022-29593

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：604 | 回复：0
CVE漏洞

CVE-2022-28876

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit ca ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1832 | 回复：0
CVE漏洞

CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthoriz ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：857 | 回复：0
CVE漏洞

CVE-2020-14127

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：603 | 回复：0
CVE漏洞

CVE-2022-30024

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：834 | 回复：0
CVE漏洞

CVE-2022-30113

Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：644 | 回复：0
CVE漏洞

CVE-2022-28377

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This pass ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：687 | 回复：0
CVE漏洞

CVE-2022-28375

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：665 | 回复：0
CVE漏洞

CVE-2022-28374

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：612 | 回复：0
CVE漏洞

CVE-2022-28373

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.l ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：676 | 回复：0
CVE漏洞

CVE-2022-28372

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crt ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：585 | 回复：0
CVE漏洞

CVE-2022-28371

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is emb ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：700 | 回复：0
CVE漏洞

CVE-2022-28370

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_ ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：657 | 回复：0
CVE漏洞

CVE-2022-28369

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/func ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1087 | 回复：0
CVE漏洞

CVE-2022-2396

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipu ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1033 | 回复：0
CVE漏洞

CVE-2022-25803

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1032 | 回复：0
CVE漏洞

CVE-2022-25802

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1187 | 回复：0
CVE漏洞

CVE-2022-25801

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：666 | 回复：0
CVE漏洞

CVE-2022-25800

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：686 | 回复：0
CVE漏洞

CVE-2017-20129

A vulnerability was found in LogoStore. It has been classified as critical. Affected is an unknown function of the file /LogoStore/search.php. The manipulation of the argument query with the input tes ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1146 | 回复：0
CVE漏洞

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：624 | 回复：0
CVE漏洞

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：2479 | 回复：0
CVE漏洞

CVE-2022-34764

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Com ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：554 | 回复：0
CVE漏洞

CVE-2022-34763

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：529 | 回复：0
CVE漏洞

CVE-2022-34762

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are adde ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：919 | 回复：0
CVE漏洞

CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：565 | 回复：0
CVE漏洞

CVE-2022-34760

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected P ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：975 | 回复：0
CVE漏洞

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：495 | 回复：0
CVE漏洞

CVE-2022-34758

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Ease ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：537 | 回复：0
CVE漏洞

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1041 | 回复：0
CVE漏洞

CVE-2022-34756

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Product ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:15 | 阅读：1570 | 回复：0