CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43650

WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：36 | 回复：0
CVE-2022-21718

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-24764

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the AP ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE-2022-24774

CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE-2022-25484

tcpprep v4.4.1 has a reachable assertion (assert(l2len 0)) in packet2tree() at tree.c in tcpprep v4.4.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：22 | 回复：0
CVE-2021-41736

Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：25 | 回复：0
CVE-2022-27228

In the vote (aka Polls, Votes) module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：34 | 回复：0
CVE-2022-25517

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：21 | 回复：0
CVE-2022-26260

Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：28 | 回复：0
CVE-2022-1031

Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：21 | 回复：0
CVE-2021-33961

A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github v5.0.11 via the file name parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE-2022-26187

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE-2022-26188

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE-2022-26189

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：23 | 回复：0
CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：25 | 回复：0
CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE-2022-1033

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2021-45756

Asus RT-AC68U 3.0.0.4.385.20633 and RT-AC5300 3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE-2021-45757

ASUS AC68U =3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE-2022-0396

BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WA ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：56 | 回复：0
CVE-2022-0635

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：85 | 回复：0
CVE-2021-25220

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, inclu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：113 | 回复：0
CVE-2021-44040

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：75 | 回复：0
CVE-2021-44759

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：56 | 回复：0
CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO databa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：51 | 回复：0
CVE-2022-0886

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE-2022-0857

A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：25 | 回复：0
CVE-2022-0858

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：27 | 回复：0
CVE-2022-0859

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：36 | 回复：0
CVE-2022-0861

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE-2022-0862

A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a com ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE-2021-43735

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：29 | 回复：0
CVE-2021-43736

CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE-2021-43738

An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：28 | 回复：0
CVE-2022-23242

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE-2021-43737

An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE-2021-44139

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE-2022-22316

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2021-46064

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0