CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-37292

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：82 | 回复：0
CVE-2021-37293

A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：69 | 回复：0
CVE-2021-38929

IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：62 | 回复：0
CVE-2021-38930

IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Forc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：75 | 回复：0
CVE-2021-39068

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：113 | 回复：0
CVE-2021-43442

A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：122 | 回复：0
CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：98 | 回复：0
CVE-2021-22055

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：74 | 回复：0
CVE-2021-36846

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) = 2.8.3……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：41 | 回复：0
CVE-2021-36848

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions = 2.0.4……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：45 | 回复：0
CVE-2021-36893

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) = 4.0.5……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：37 | 回复：0
CVE-2021-36896

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions = 1.5.2……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：35 | 回复：0
CVE-2021-36910

Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) = 4.3.20.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：39 | 回复：0
CVE-2021-38125

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the depl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：38 | 回复：0
CVE-2021-40065

The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：38 | 回复：0
CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：46 | 回复：0
CVE-2021-46742

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：77 | 回复：0
CVE-2021-4047

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：84 | 回复：0
CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-ht ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：69 | 回复：0
CVE-2022-0835

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：43 | 回复：0
CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：29 | 回复：0
CVE-2022-1067

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：23 | 回复：0
CVE-2022-1157

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：20 | 回复：0
CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：19 | 回复：0
CVE-2022-1193

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private proje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：23 | 回复：0
CVE-2022-1262

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：20 | 回复：0
CVE-2022-1316

ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE-2022-20052

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploita ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE-2022-20062

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for explo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：19 | 回复：0
CVE-2022-20063

In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is neede ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：17 | 回复：0
CVE-2022-20064

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：18 | 回复：0
CVE-2022-20065

In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：17 | 回复：0
CVE-2022-20066

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：18 | 回复：0
CVE-2022-20067

In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-20068

In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interact ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：22 | 回复：0
CVE-2022-20069

In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：19 | 回复：0
CVE-2022-20070

In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE-2022-20071

In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE-2022-20072

In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：25 | 回复：0