CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1840

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input scr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：59 | 回复：0
CVE-2022-26531

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：76 | 回复：0
CVE-2022-26532

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：82 | 回复：0
CVE-2021-42659

There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：87 | 回复：0
CVE-2021-42654

SiteServer CMS V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：64 | 回复：0
CVE-2021-42655

SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：61 | 回复：0
CVE-2021-42656

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：69 | 回复：0
CVE-2022-1848

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：82 | 回复：0
CVE-2022-30454

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：55 | 回复：0
CVE-2022-30455

Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：62 | 回复：0
CVE-2022-30456

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：55 | 回复：0
CVE-2022-30458

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：49 | 回复：0
CVE-2022-30459

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：30 | 回复：0
CVE-2022-30460

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-30461

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-30462

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-30463

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-30464

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2022-30837

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：19 | 回复：0
CVE-2021-42248

GJSON = 1.9.2 allows attackers to cause a redos via crafted JSON input.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：19 | 回复：0
CVE-2021-44975

radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2021-45914

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, includ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：13 | 回复：0
CVE-2021-45915

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, includ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-1850

Path Traversal in GitHub repository filegator/filegator prior to 7.8.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-22306

An improper certificate validation vulnerability in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：22 | 回复：0
CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：34 | 回复：0
CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：36 | 回复：0
CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：39 | 回复：0
CVE-2022-29223

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：41 | 回复：0
CVE-2022-29237

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations ot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：57 | 回复：0
CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：30 | 回复：0
CVE-2022-29246

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：27 | 回复：0
CVE-2022-29567

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 throu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：27 | 回复：0
CVE-2022-30457

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：18 | 回复：0
CVE-2022-30838

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2022-30839

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：18 | 回复：0
CVE-2022-30842

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：19 | 回复：0
CVE-2022-30843

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：13 | 回复：0
CVE-2022-31261

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：13 | 回复：0
CVE-2013-10002

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0