CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-25820

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：51 | 回复：0
CVE-2022-25821

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：48 | 回复：0
CVE-2022-25822

An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：52 | 回复：0
CVE-2022-25823

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：47 | 回复：0
CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：51 | 回复：0
CVE-2022-25825

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：57 | 回复：0
CVE-2022-25826

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：59 | 回复：0
CVE-2022-25827

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：66 | 回复：0
CVE-2022-25828

Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：74 | 回复：0
CVE-2022-25829

Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：74 | 回复：0
CVE-2022-25830

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：83 | 回复：0
CVE-2022-25922

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：127 | 回复：0
CVE-2022-26100

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：89 | 回复：0
CVE-2022-26101

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：127 | 回复：0
CVE-2022-26102

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：84 | 回复：0
CVE-2022-26103

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：100 | 回复：0
CVE-2022-26104

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：140 | 回复：0
CVE-2022-26131

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：124 | 回复：0
CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：144 | 回复：0
CVE-2022-26311

Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：278 | 回复：0
CVE-2022-26333

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：108 | 回复：0
CVE-2022-26355

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：79 | 回复：0
CVE-2022-26488

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the sy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：112 | 回复：0
CVE-2022-26520

** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：106 | 回复：0
CVE-2022-26521

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the CatalogMedia ManagerImages settings can be changed by an admi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：125 | 回复：0
CVE-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：140 | 回复：0
CVE-2022-26661

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (pro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：111 | 回复：0
CVE-2022-26662

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：129 | 回复：0
CVE-2022-26778

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has suffici ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：111 | 回复：0
CVE-2022-26846

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：98 | 回复：0
CVE-2022-26847

SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：89 | 回复：0
CVE-2021-44673

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：94 | 回复：0
CVE-2021-38910

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：135 | 回复：0
CVE-2021-39022

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：114 | 回复：0
CVE-2021-39025

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：141 | 回复：0
CVE-2022-23036

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：212 | 回复：0
CVE-2022-23037

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：137 | 回复：0
CVE-2022-23038

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：100 | 回复：0
CVE-2022-23039

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：95 | 回复：0
CVE-2022-23040

Linux PV device frontends vulnerable to attacks by backends T Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：87 | 回复：0