CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24420

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：30 | 回复：0
CVE-2022-24421

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：29 | 回复：0
CVE-2021-41848

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：35 | 回复：0
CVE-2021-41849

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：31 | 回复：0
CVE-2021-41850

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：44 | 回复：0
CVE-2021-42262

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：37 | 回复：0
CVE-2021-42577

An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：42 | 回复：0
CVE-2022-24760

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：37 | 回复：0
CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：35 | 回复：0
CVE-2022-26533

Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：25 | 回复：0
CVE-2022-0880

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：47 | 回复：0
CVE-2022-0926

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：42 | 回复：0
CVE-2022-0929

XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：50 | 回复：0
CVE-2022-0930

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：87 | 回复：0
CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：204 | 回复：0
CVE-2022-26967

GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：116 | 回复：0
CVE-2021-36368

** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：74 | 回复：0
CVE-2022-23960

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buff ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：44 | 回复：0
CVE-2021-45886

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a l ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：42 | 回复：0
CVE-2021-45887

An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application admin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：35 | 回复：0
CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of Java ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：31 | 回复：0
CVE-2021-45889

An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：36 | 回复：0
CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：33 | 回复：0
CVE-2022-24696

Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：35 | 回复：0
CVE-2022-26981

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：43 | 回复：0
CVE-2021-46709

phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：44 | 回复：0
CVE-2021-43954

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：55 | 回复：0
CVE-2022-0937

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：48 | 回复：0
CVE-2022-0341

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：51 | 回复：0
CVE-2022-0938

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：55 | 回复：0
CVE-2022-0940

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0
CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0
CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：47 | 回复：0
CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apach ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：38 | 回复：0
CVE-2022-23943

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：34 | 回复：0
CVE-2022-0941

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：34 | 回复：0
CVE-2022-24384

Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：35 | 回复：0
CVE-2022-24385

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：37 | 回复：0
CVE-2022-24386

Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：30 | 回复：0
CVE-2022-24387

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：36 | 回复：0