CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31232

SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions o ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:42 | 阅读：396 | 回复：0
CVE-2022-33935

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML o ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:42 | 阅读：389 | 回复：0
CVE-2022-34368

Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:42 | 阅读：1145 | 回复：0
CVE-2022-34374

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:42 | 阅读：668 | 回复：0
CVE-2022-34375

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:42 | 阅读：629 | 回复：0
CVE-2022-39028

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application wo ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：661 | 回复：0
CVE-2021-46837

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：396 | 回复：0
CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the att ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：832 | 回复：0
CVE-2022-3022

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：333 | 回复：0
CVE-2022-3063

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：310 | 回复：0
CVE-2022-37149

WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands v ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：350 | 回复：0
CVE-2022-36552

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a cr ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：449 | 回复：0
CVE-2022-37176

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet s ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：382 | 回复：0
CVE-2022-37237

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:41 | 阅读：391 | 回复：0
CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:40 | 阅读：499 | 回复：0
CVE-2022-26527

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:40 | 阅读：500 | 回复：0
CVE-2022-26528

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the ad ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:40 | 阅读：389 | 回复：0
CVE-2022-26529

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:40 | 阅读：403 | 回复：0
CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:40 | 阅读：428 | 回复：0
CVE-2022-38118

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:40 | 阅读：402 | 回复：0
CVE-2022-24107

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：468 | 回复：0
CVE-2022-36713

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：374 | 回复：0
CVE-2022-36714

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：360 | 回复：0
CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image cou ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：363 | 回复：0
CVE-2022-24106

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：390 | 回复：0
CVE-2022-25635

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：368 | 回复：0
CVE-2022-25646

All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:39 | 阅读：354 | 回复：0
CVE-2022-36560

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：363 | 回复：0
CVE-2022-37680

An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade. ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：415 | 回复：0
CVE-2022-37681

Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：491 | 回复：0
CVE-2022-38625

** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attacke ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：549 | 回复：0
CVE-2022-36709

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：475 | 回复：0
CVE-2022-36711

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：367 | 回复：0
CVE-2022-36712

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:38 | 阅读：412 | 回复：0
CVE-2022-36553

Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:37 | 阅读：369 | 回复：0
CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make dat ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:37 | 阅读：429 | 回复：0
CVE-2022-36554

A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:37 | 阅读：320 | 回复：0
CVE-2022-36555

Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:37 | 阅读：327 | 回复：0
CVE-2022-36556

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:37 | 阅读：512 | 回复：0
CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:37 | 阅读：479 | 回复：0