CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27905

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：75 | 回复：0
CVE-2022-28464

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：47 | 回复：0
CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders tha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：41 | 回复：0
CVE-2022-24889

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling reco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：67 | 回复：0
CVE-2022-29505

Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：127 | 回复：0
CVE-2021-29776

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：62 | 回复：0
CVE-2021-34587

In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：53 | 回复：0
CVE-2021-34588

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：73 | 回复：0
CVE-2021-34589

In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：75 | 回复：0
CVE-2021-34590

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escap ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：74 | 回复：0
CVE-2021-34591

In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：109 | 回复：0
CVE-2021-34592

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：198 | 回复：0
CVE-2021-34601

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：110 | 回复：0
CVE-2021-34602

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：91 | 回复：0
CVE-2021-38869

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：61 | 回复：0
CVE-2021-38874

IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：64 | 回复：0
CVE-2021-38878

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：49 | 回复：0
CVE-2021-38919

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：41 | 回复：0
CVE-2021-38939

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：34 | 回复：0
CVE-2022-22312

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Sy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：36 | 回复：0
CVE-2022-22323

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Sy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：43 | 回复：0
CVE-2022-22345

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：53 | 回复：0
CVE-2022-22521

In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：91 | 回复：0
CVE-2022-27336

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：66 | 回复：0
CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：53 | 回复：0
CVE-2022-1507

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：51 | 回复：0
CVE-2022-22275

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：56 | 回复：0
CVE-2022-22276

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：66 | 回复：0
CVE-2022-22277

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：78 | 回复：0
CVE-2022-22278

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacke ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：93 | 回复：0
CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn ma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：145 | 回复：0
CVE-2022-22315

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：213 | 回复：0
CVE-2022-24372

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：145 | 回复：0
CVE-2022-28193

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：134 | 回复：0
CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：263 | 回复：0
CVE-2022-28195

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：136 | 回复：0
CVE-2022-28196

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：119 | 回复：0
CVE-2022-28197

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：189 | 回复：0
CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：152 | 回复：0
CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will res ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：116 | 回复：0