CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27193

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：102 | 回复：0
CVE-2022-0950

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：115 | 回复：0
CVE-2022-0951

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：89 | 回复：0
CVE-2022-0893

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：86 | 回复：0
CVE-2022-0894

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：170 | 回复：0
CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP file ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：114 | 回复：0
CVE-2022-0954

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：60 | 回复：0
CVE-2022-0956

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：58 | 回复：0
CVE-2022-0942

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：60 | 回复：0
CVE-2022-24721

CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user cou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：54 | 回复：0
CVE-2022-0430

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：59 | 回复：0
CVE-2022-0961

The microweber application allows large characters to insert in the input field post title which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：46 | 回复：0
CVE-2022-24755

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director = 18.2 = 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured fo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:52 | 阅读：51 | 回复：0
CVE-2021-40059

There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：34 | 回复：0
CVE-2021-40061

There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：31 | 回复：0
CVE-2021-40062

There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：37 | 回复：0
CVE-2021-40063

There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：36 | 回复：0
CVE-2021-40064

There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：38 | 回复：0
CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：37 | 回复：0
CVE-2021-41657

SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：36 | 回复：0
CVE-2021-42186

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：40 | 回复：0
CVE-2021-42786

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not hav ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：41 | 回复：0
CVE-2021-42787

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the /api/appInternals/1.0/agent/configurati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：38 | 回复：0
CVE-2021-42853

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the /api/appInternals/1.0/agent/diagnostic/logs ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：40 | 回复：0
CVE-2021-42854

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the /api/appInternals/1.0/plugin/pmx API. The affected ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：40 | 回复：0
CVE-2021-42855

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the .debug_command.config file to store a json string that contains a list of IDs and pre-configured commands. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：38 | 回复：0
CVE-2021-42856

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：40 | 回复：0
CVE-2021-42857

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the /api/appInternals/1.0/agent/da/pcf API. The affect ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：41 | 回复：0
CVE-2021-43969

The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to dis ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：48 | 回复：0
CVE-2021-43970

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：53 | 回复：0
CVE-2021-44032

TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：55 | 回复：0
CVE-2021-44215

Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：51 | 回复：0
CVE-2021-44216

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：70 | 回复：0
CVE-2021-44269

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：73 | 回复：0
CVE-2021-44421

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analys ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：109 | 回复：0
CVE-2021-44622

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：269 | 回复：0
CVE-2021-44623

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：224 | 回复：0
CVE-2021-44625

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a craf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：140 | 回复：0
CVE-2021-44626

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the sys ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：107 | 回复：0
CVE-2021-44627

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：95 | 回复：0