CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46382

Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：83 | 回复：0
CVE-2022-22946

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：77 | 回复：0
CVE-2022-23729

When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2022-26336

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchan ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：68 | 回复：0
CVE-2022-21828

A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：59 | 回复：0
CVE-2022-24727

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-23915. Reason: This candidate is a reservation duplicate of CVE-2022-23915. Notes: All CVE users should reference CVE-2022-23915 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：64 | 回复：0
CVE-2022-25623

The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：75 | 回复：0
CVE-2021-20300

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exce ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：75 | 回复：0
CVE-2021-20303

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an ou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：88 | 回复：0
CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：130 | 回复：0
CVE-2021-3428

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：79 | 回复：0
CVE-2021-3575

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：78 | 回复：0
CVE-2022-23232

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user account ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：77 | 回复：0
CVE-2022-23233

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distributio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：58 | 回复：0
CVE-2022-26318

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：71 | 回复：0
CVE-2021-27757

Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleart ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：55 | 回复：0
CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：57 | 回复：0
CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：47 | 回复：0
CVE-2022-0855

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：41 | 回复：0
CVE-2022-26483

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/list ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：44 | 回复：0
CVE-2022-26484

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：37 | 回复：0
CVE-2022-23915

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：45 | 回复：0
CVE-2022-25106

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：37 | 回复：0
CVE-2021-43590

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially expl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：48 | 回复：0
CVE-2021-27756

TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：43 | 回复：0
CVE-2021-32008

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：74 | 回复：0
CVE-2021-40846

An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malici ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：61 | 回复：0
CVE-2021-44827

There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：71 | 回复：0
CVE-2021-46353

An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absol ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：76 | 回复：0
CVE-2021-46384

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${freemarker.template.utility.Execute?new()(calc)}. ¶¶ MCMS has ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：57 | 回复：0
CVE-2022-25312

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection (also known as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：107 | 回复：0
CVE-2022-25069

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：85 | 回复：0
CVE-2022-25044

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：62 | 回复：0
CVE-2022-25465

Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：54 | 回复：0
CVE-2022-0849

Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：65 | 回复：0
CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：59 | 回复：0
CVE-2022-0845

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：46 | 回复：0
CVE-2022-26487

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidate is a reservation duplicate of CVE-2022-26143. Notes: All CVE users should reference CVE-2022-26143 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：63 | 回复：0
CVE-2022-26490

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:49 | 阅读：43 | 回复：0