CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22943

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：154 | 回复：0
CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：122 | 回复：0
CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：118 | 回复：0
CVE-2022-23052

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：111 | 回复：0
CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：93 | 回复：0
CVE-2022-23709

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：123 | 回复：0
CVE-2022-23710

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：125 | 回复：0
CVE-2022-24725

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：242 | 回复：0
CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：122 | 回复：0
CVE-2021-26259

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：111 | 回复：0
CVE-2021-26948

Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：86 | 回复：0
CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2021-3640

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：84 | 回复：0
CVE-2022-0730

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：101 | 回复：0
CVE-2022-0838

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：102 | 回复：0
CVE-2022-0848

OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：112 | 回复：0
CVE-2022-0752

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：87 | 回复：0
CVE-2022-23327

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：72 | 回复：0
CVE-2022-23328

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a vi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE-2021-43393

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：56 | 回复：0
CVE-2021-44321

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the applicatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE-2021-46393

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2021-46394

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：87 | 回复：0
CVE-2022-0831

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：101 | 回复：0
CVE-2022-0832

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：111 | 回复：0
CVE-2022-26201

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：198 | 回复：0
CVE-2020-18324

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：140 | 回复：0
CVE-2020-18325

Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：88 | 回复：0
CVE-2020-18326

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authori ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：92 | 回复：0
CVE-2020-18327

Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：95 | 回复：0
CVE-2021-46378

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：99 | 回复：0
CVE-2022-0839

Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：101 | 回复：0
CVE-2022-23397

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：117 | 回复：0
CVE-2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：143 | 回复：0
CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leadin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：182 | 回复：0
CVE-2021-3744

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：142 | 回复：0
CVE-2021-46379

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：158 | 回复：0
CVE-2021-46380

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: This is a duplicate to CVE-2022-22511 Notes:……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：102 | 回复：0
CVE-2021-46381

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading and .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：116 | 回复：0