CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27480

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions V4.80), SICAM A8000 CP-8050 (All versions V4.80). Affected devices do not require an user to be authenticated to access certa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2022-27481

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions V3.0.0), SCALANCE W1788-2 EEC M12 (All versions V3.0.0), SCALANCE W1788-2 M12 (All versions V3.0.0), SCALANCE W1788-2IA M12 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：27 | 回复：0
CVE-2022-28328

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions V3.0.0), SCALANCE W1788-2 EEC M12 (All versions V3.0.0), SCALANCE W1788-2 M12 (All versions V3.0.0), SCALANCE W1788-2IA M12 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：22 | 回复：0
CVE-2022-28329

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions V3.0.0), SCALANCE W1788-2 EEC M12 (All versions V3.0.0), SCALANCE W1788-2 M12 (All versions V3.0.0), SCALANCE W1788-2IA M12 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-28661

A vulnerability has been identified in Simcenter Femap (All versions V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE-2022-28662

A vulnerability has been identified in Simcenter Femap (All versions V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-28663

A vulnerability has been identified in Simcenter Femap (All versions V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing speciall ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE-2022-0140

The Visual Form Builder WordPress plugin before 3.0.8 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：29 | 回复：0
CVE-2022-0141

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：46 | 回复：0
CVE-2022-0878

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：51 | 回复：0
CVE-2022-24247

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：47 | 回复：0
CVE-2022-24248

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：40 | 回复：0
CVE-2021-32040

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evalua ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2021-42255

AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-21803

This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for sett ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2022-27161

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2022-27162

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE-2022-27163

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE-2022-27164

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：46 | 回复：0
CVE-2022-27165

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：52 | 回复：0
CVE-2022-27472

SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the s parameter remotely.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：60 | 回复：0
CVE-2022-27473

SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the s parameter remotely.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：49 | 回复：0
CVE-2022-27902

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1215. Reason: This issue was MERGED into CVE-2022-1215 in accordance with CVE content decisions, because it is the same type of vuln ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：72 | 回复：0
CVE-2022-28032

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：70 | 回复：0
CVE-2022-28033

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：70 | 回复：0
CVE-2022-28034

AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：74 | 回复：0
CVE-2022-28035

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：85 | 回复：0
CVE-2022-28036

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：82 | 回复：0
CVE-2021-0694

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：121 | 回复：0
CVE-2021-0707

In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：273 | 回复：0
CVE-2021-36914

Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) = 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：116 | 回复：0
CVE-2021-39794

In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：77 | 回复：0
CVE-2021-39795

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Pulled from Android ASB#2022-04 publication (https://source.android.com/securit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：57 | 回复：0
CVE-2021-39796

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：49 | 回复：0
CVE-2021-39797

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional executio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：47 | 回复：0
CVE-2021-39798

In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges ne ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：53 | 回复：0
CVE-2021-39799

In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：65 | 回复：0
CVE-2021-39800

In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. U ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：84 | 回复：0