CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1030

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid te ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：45 | 回复：0
CVE-2022-22951

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-22952

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：36 | 回复：0
CVE-2022-24291

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2022-24292

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE-2022-24293

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-25221

Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visit the link in order to execute JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE-2022-25222

Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE-2022-25223

Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2022-25608

Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：37 | 回复：0
CVE-2022-25609

Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE-2021-28275

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：43 | 回复：0
CVE-2021-28276

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2021-28277

A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：47 | 回复：0
CVE-2021-28278

A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：48 | 回复：0
CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：50 | 回复：0
CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE-2022-24730

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：61 | 回复：0
CVE-2022-24731

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2022-24757

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：56 | 回复：0
CVE-2020-20093

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：52 | 回复：0
CVE-2020-20094

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE-2020-20095

iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2020-20096

Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：66 | 回复：0
CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user bef ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：42 | 回复：0
CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：34 | 回复：0
CVE-2022-25041

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2022-27192

The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading adm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：33 | 回复：0
CVE-2022-27254

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2022-25266

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE-2022-25267

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE-2022-25268

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：37 | 回复：0
CVE-2022-25269

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE-2021-31326

D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：34 | 回复：0
CVE-2022-26289

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE-2022-26290

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：43 | 回复：0
CVE-2022-26536

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE-2022-27076

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：33 | 回复：0