CVE Vulnerabilities

  • CVE-2022-29937
    USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 deco ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 197 | Replies: 0
  • CVE-2022-1543
    Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. Tha ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 180 | Replies: 0
  • CVE-2022-25854
    This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to f ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 229 | Replies: 0
  • CVE-2022-29945
    DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 240 | Replies: 0
  • CVE-2022-28198
    NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact con ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 264 | Replies: 0
  • CVE-2022-29947
    Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 229 | Replies: 0
  • CVE-2022-29967
    static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 279 | Replies: 0
  • CVE-2022-29265
    Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Ent ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 297 | Replies: 0
  • CVE-2022-28323
    An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 296 | Replies: 0
  • CVE-2021-41992
    A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 240 | Replies: 0
  • CVE-2021-41993
    A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 280 | Replies: 0
  • CVE-2021-41994
    A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 305 | Replies: 0
  • CVE-2021-42001
    PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successf ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:18 | Views: 303 | Replies: 0
  • CVE-2022-28367
    OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 159 | Replies: 0
  • CVE-2022-29577
    OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOT ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 126 | Replies: 0
  • CVE-2022-26672
    ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 120 | Replies: 0
  • CVE-2022-26673
    ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perf ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 112 | Replies: 0
  • CVE-2022-26674
    ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system oper ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 180 | Replies: 0
  • CVE-2022-1429
    SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 78 | Replies: 0
  • CVE-2022-27404
    FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 58 | Replies: 0
  • CVE-2022-27405
    FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 45 | Replies: 0
  • CVE-2022-27406
    FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 38 | Replies: 0
  • CVE-2022-28074
    Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 30 | Replies: 0
  • CVE-2021-32927
    An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 32 | Replies: 0
  • CVE-2021-32929
    All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 33 | Replies: 0
  • CVE-2021-36203
    The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 26 | Replies: 0
  • CVE-2022-1437
    Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 21 | Replies: 0
  • CVE-2020-14123
    There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeate ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 27 | Replies: 0
  • CVE-2022-29582
    In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howev ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 33 | Replies: 0
  • CVE-2022-29583
    service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 27 | Replies: 0
  • CVE-2021-20464
    IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 12 | Replies: 0
  • CVE-2021-29824
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2021-38886
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 16 | Replies: 0
  • CVE-2021-38903
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to injec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2021-38904
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
  • CVE-2021-38905
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 13 | Replies: 0
  • CVE-2021-38946
    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 12 | Replies: 0
  • CVE-2022-1439
    Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found worki ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
  • CVE-2022-29589
    Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 15 | Replies: 0
  • CVE-2022-1440
    Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line arg ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 14 | Replies: 0
