CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2013-10003

A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：22 | 回复：0
CVE-2013-10004

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2014-125001

A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：19 | 回复：0
CVE-2021-4230

A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensiti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2022-1849

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2022-29249

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2020-4926

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. I ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：21 | 回复：0
CVE-2022-22309

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：21 | 回复：0
CVE-2022-22495

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：22 | 回复：0
CVE-2021-32962

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2021-32964

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2021-32965

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2021-32969

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-1669

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once aut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：22 | 回复：0
CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：32 | 回复：0
CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat fro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：60 | 回复：0
CVE-2021-3717

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：60 | 回复：0
CVE-2021-42612

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：41 | 回复：0
CVE-2021-42613

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：45 | 回复：0
CVE-2021-42614

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：58 | 回复：0
CVE-2022-22977

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：83 | 回复：0
CVE-2022-23050

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Bi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：81 | 回复：0
CVE-2022-29333

A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：208 | 回复：0
CVE-2022-22497

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：75 | 回复：0
CVE-2022-29334

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：71 | 回复：0
CVE-2022-29337

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary command ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：56 | 回复：0
CVE-2022-29349

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：48 | 回复：0
CVE-2022-29358

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：40 | 回复：0
CVE-2022-29359

A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_formid=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a craft ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：38 | 回复：0
CVE-2022-29361

** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：38 | 回复：0
CVE-2022-29362

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Parent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：35 | 回复：0
CVE-2022-29710

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-29405

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：26 | 回复：0
CVE-2022-1815

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：21 | 回复：0
CVE-2022-1883

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：22 | 回复：0
CVE-2022-21951

A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the netw ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：18 | 回复：0
CVE-2021-44974

radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：21 | 回复：0
CVE-2022-26945

HashiCorp go-getter before 2.0.2 allows Command Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-28862

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential att ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：19 | 回复：0