CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27077

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-27078

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：43 | 回复：0
CVE-2022-27079

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：83 | 回复：0
CVE-2022-27080

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2022-27081

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：49 | 回复：0
CVE-2022-27082

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2022-27083

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE-2022-27811

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：49 | 回复：0
CVE-2022-27820

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：56 | 回复：0
CVE-2022-0315

Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：62 | 回复：0
CVE-2022-1061

Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：45 | 回复：0
CVE-2022-0145

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：47 | 回复：0
CVE-2021-43700

An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=apitag=8.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：45 | 回复：0
CVE-2022-1052

Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2021-43659

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：49 | 回复：0
CVE-2021-39491

A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：61 | 回复：0
CVE-2022-0550

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended comm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：86 | 回复：0
CVE-2022-0955

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：111 | 回复：0
CVE-2022-1058

Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：77 | 回复：0
CVE-2022-26629

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：86 | 回复：0
CVE-2022-0153

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：77 | 回复：0
CVE-2022-21820

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, esc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：102 | 回复：0
CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：71 | 回复：0
CVE-2021-23632

All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：49 | 回复：0
CVE-2021-23771

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：44 | 回复：0
CVE-2021-44908

SailsJS Sails.js =1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：42 | 回复：0
CVE-2021-45793

Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：40 | 回复：0
CVE-2021-45794

Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：32 | 回复：0
CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE-2022-0749

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket clie ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：35 | 回复：0
CVE-2022-21221

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslas ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2022-25296

The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：47 | 回复：0
CVE-2022-25352

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for (https://security.snyk.io/vul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：33 | 回复：0
CVE-2022-25354

The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0
CVE-2022-25760

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：36 | 回复：0
CVE-2021-44259

A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：30 | 回复：0
CVE-2021-44260

A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. Wh ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：29 | 回复：0
CVE-2021-44261

A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：31 | 回复：0
CVE-2021-44262

A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：29 | 回复：0
CVE-2022-24761

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：25 | 回复：0