CVE Vulnerabilities

  • CVE-2022-29906
    The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 229 | Replies: 0
  • CVE-2022-29907
    The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 242 | Replies: 0
  • CVE-2022-1526
    A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input scriptalert(1);/script l ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 363 | Replies: 0
  • CVE-2022-1530
    Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 247 | Replies: 0
  • CVE-2022-1531
    SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 177 | Replies: 0
  • CVE-2022-1533
    Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 179 | Replies: 0
  • CVE-2022-1534
    Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow att ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 169 | Replies: 0
  • CVE-2021-41942
    The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 178 | Replies: 0
  • CVE-2021-44595
    Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code w ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 154 | Replies: 0
  • CVE-2021-44596
    Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the InstallAssistService.exe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 214 | Replies: 0
  • CVE-2022-1536
    A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home/titlescriptal ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 140 | Replies: 0
  • CVE-2021-41948
    A cross-site scripting (XSS) vulnerability exists in the contact us plugin for Subrion CMS = 4.2.1 version via List of subjects.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 129 | Replies: 0
  • CVE-2022-24900
    Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.joi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 207 | Replies: 0
  • CVE-2022-28452
    Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 143 | Replies: 0
  • CVE-2021-39082
    IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 176 | Replies: 0
  • CVE-2021-43937
    Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the reque ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 156 | Replies: 0
  • CVE-2021-43938
    Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 134 | Replies: 0
  • CVE-2022-0985
    Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 140 | Replies: 0
  • CVE-2022-1015
    A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 129 | Replies: 0
  • CVE-2022-1048
    A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PC ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 136 | Replies: 0
  • CVE-2022-1114
    A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to Im ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 115 | Replies: 0
  • CVE-2022-1195
    A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpa ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 115 | Replies: 0
  • CVE-2022-1227
    A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 142 | Replies: 0
  • CVE-2022-1249
    A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 155 | Replies: 0
  • CVE-2022-1353
    A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 168 | Replies: 0
  • CVE-2022-29856
    A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 173 | Replies: 0
  • CVE-2021-36207
    Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 149 | Replies: 0
  • CVE-2021-3982
    Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is curren ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 169 | Replies: 0
  • CVE-2021-4206
    A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 161 | Replies: 0
  • CVE-2021-4207
    A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor-header.width` and `cursor-header.height` can lead to the allocation of a small cursor ob ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 168 | Replies: 0
  • CVE-2022-0984
    Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badge ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 189 | Replies: 0
  • CVE-2022-1402
    ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 190 | Replies: 0
  • CVE-2022-1403
    ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 178 | Replies: 0
  • CVE-2022-28480
    ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 177 | Replies: 0
  • CVE-2022-28994
    Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 183 | Replies: 0
  • CVE-2022-29414
    Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin = 211130 on WordPress allows attackers to clean up Log archive, download system i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 244 | Replies: 0
  • CVE-2022-29451
    Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin = 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploadin ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 177 | Replies: 0
  • CVE-2022-29934
    USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 172 | Replies: 0
  • CVE-2022-29935
    USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 186 | Replies: 0
  • CVE-2022-29936
    USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Orac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 217 | Replies: 0