CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：59 | 回复：0
CVE-2022-21219

Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by havi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：58 | 回复：0
CVE-2022-22547

Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gather ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：54 | 回复：0
CVE-2022-22795

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：52 | 回复：0
CVE-2022-22814

The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：63 | 回复：0
CVE-2022-22834

An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：78 | 回复：0
CVE-2022-22835

An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files fr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：76 | 回复：0
CVE-2022-22985

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：79 | 回复：0
CVE-2022-23383

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：103 | 回复：0
CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the em ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：190 | 回复：0
CVE-2022-24177

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：112 | 回复：0
CVE-2022-24193

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：82 | 回复：0
CVE-2022-24285

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：101 | 回复：0
CVE-2022-24286

Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：96 | 回复：0
CVE-2022-24395

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：88 | 回复：0
CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of auth ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：110 | 回复：0
CVE-2022-24397

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：75 | 回复：0
CVE-2022-24398

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：65 | 回复：0
CVE-2022-24399

The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：83 | 回复：0
CVE-2022-24432

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：64 | 回复：0
CVE-2022-24600

Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：62 | 回复：0
CVE-2022-24601

Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：64 | 回复：0
CVE-2022-24602

Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：73 | 回复：0
CVE-2022-24603

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：86 | 回复：0
CVE-2022-24604

Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：95 | 回复：0
CVE-2022-24605

Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：137 | 回复：0
CVE-2022-24606

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：89 | 回复：0
CVE-2022-24607

Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：71 | 回复：0
CVE-2022-24608

Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：62 | 回复：0
CVE-2022-24609

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：61 | 回复：0
CVE-2022-24618

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the Browse For Folder w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：54 | 回复：0
CVE-2022-24644

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affect ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：48 | 回复：0
CVE-2022-24651

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：55 | 回复：0
CVE-2022-24652

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：58 | 回复：0
CVE-2022-24915

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：57 | 回复：0
CVE-2022-24928

Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：57 | 回复：0
CVE-2022-24929

Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：68 | 回复：0
CVE-2022-24930

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：61 | 回复：0
CVE-2022-24931

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：56 | 回复：0
CVE-2022-24932

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：71 | 回复：0