CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-16238

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with comm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：35 | 回复：0
CVE-2020-25150

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：31 | 回复：0
CVE-2020-25152

A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：22 | 回复：0
CVE-2020-25154

An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows att ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE-2020-25156

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to ac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：32 | 回复：0
CVE-2020-25158

A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE-2020-25160

Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the device ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE-2020-25162

A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to acces ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：36 | 回复：0
CVE-2020-25164

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：35 | 回复：0
CVE-2020-25166

An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：28 | 回复：0
CVE-2020-25168

Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：29 | 回复：0
CVE-2021-28505

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：26 | 回复：0
CVE-2022-1304

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：25 | 回复：0
CVE-2022-1328

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：27 | 回复：0
CVE-2022-22966

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：22 | 回复：0
CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0
CVE-2022-27848

Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) = 6.5.1……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：17 | 回复：0
CVE-2022-24824

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：18 | 回复：0
CVE-2022-24846

GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and resu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：17 | 回复：0
CVE-2022-24849

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：15 | 回复：0
CVE-2022-24850

Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：15 | 回复：0
CVE-2022-24853

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not retu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2022-24854

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：14 | 回复：0
CVE-2022-24855

Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：15 | 回复：0
CVE-2022-26034

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：15 | 回复：0
CVE-2022-27188

OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2021-40386

Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：13 | 回复：0
CVE-2022-26498

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to dow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：17 | 回复：0
CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2022-26651

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL qu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：15 | 回复：0
CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2022-28868

An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：14 | 回复：0
CVE-2022-28869

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：15 | 回复：0
CVE-2022-28870

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2022-27474

SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2022-28041

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：16 | 回复：0
CVE-2022-28042

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：17 | 回复：0
CVE-2022-28044

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：18 | 回复：0
CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：18 | 回复：0
CVE-2022-28049

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:14 | 阅读：20 | 回复：0