CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0776

Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：242 | 回复：0
CVE-2022-0777

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：205 | 回复：0
CVE-2021-44747

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：162 | 回复：0
CVE-2022-23377

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：182 | 回复：0
CVE-2022-23380

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=adminid=2ctrl=edit.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：167 | 回复：0
CVE-2021-44238

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：142 | 回复：0
CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：151 | 回复：0
CVE-2020-4925

A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：171 | 回复：0
CVE-2021-38955

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：190 | 回复：0
CVE-2021-38986

IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：206 | 回复：0
CVE-2022-22321

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：179 | 回复：0
CVE-2022-23387

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：171 | 回复：0
CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：149 | 回复：0
CVE-2021-36171

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whol ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：146 | 回复：0
CVE-2020-15936

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：132 | 回复：0
CVE-2021-32586

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interprete ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：131 | 回复：0
CVE-2021-41193

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of servi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：149 | 回复：0
CVE-2021-43075

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, ver ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：154 | 回复：0
CVE-2021-43077

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：216 | 回复：0
CVE-2022-22300

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：152 | 回复：0
CVE-2022-24717

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redire ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：130 | 回复：0
CVE-2022-24718

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：117 | 回复：0
CVE-2022-24719

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：105 | 回复：0
CVE-2021-41282

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netsta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：88 | 回复：0
CVE-2021-41652

Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：89 | 回复：0
CVE-2022-24251

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：84 | 回复：0
CVE-2022-24252

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：100 | 回复：0
CVE-2022-24253

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：92 | 回复：0
CVE-2022-24254

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：118 | 回复：0
CVE-2022-24255

Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：134 | 回复：0
CVE-2022-24720

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations tha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE-2022-25010

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE-2022-25012

Argus Surveillance DVR v4.0 employs weak password encryption.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：96 | 回复：0
CVE-2021-45860

An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：86 | 回复：0
CVE-2021-45861

There is an Assertion `num = INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：81 | 回复：0
CVE-2021-45863

tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：98 | 回复：0
CVE-2021-45864

tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：184 | 回复：0
CVE-2022-25050

rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：119 | 回复：0
CVE-2022-25051

An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：113 | 回复：0
CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:48 | 阅读：112 | 回复：0