CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24417

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-24418

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-24422

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gai ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：18 | 回复：0
CVE-2022-26857

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-26865

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-29082

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：16 | 回复：0
CVE-2022-29091

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentiall ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：18 | 回复：0
CVE-2022-30472

Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：15 | 回复：0
CVE-2022-30473

Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：15 | 回复：0
CVE-2022-30474

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：17 | 回复：0
CVE-2022-30475

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：16 | 回复：0
CVE-2022-30476

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：18 | 回复：0
CVE-2022-30477

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-30500

Jfinal cms 5.1.0 is vulnerable to SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：29 | 回复：0
CVE-2022-30783

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：37 | 回复：0
CVE-2022-30784

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：29 | 回复：0
CVE-2022-30785

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：31 | 回复：0
CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：30 | 回复：0
CVE-2022-30787

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：27 | 回复：0
CVE-2022-30788

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-30789

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2021-33014

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：20 | 回复：0
CVE-2021-33016

An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2021-4232

A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input scriptalert( ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-1261

Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisF ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：25 | 回复：0
CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. Thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：23 | 回复：0
CVE-2022-1899

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-21827

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) 21.9.1.2 what could allow an attacker who has gained local access to a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：29 | 回复：0
CVE-2022-21831

A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via image_processing arguments.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：32 | 回复：0
CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was aut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：29 | 回复：0
CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：29 | 回复：0
CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：27 | 回复：0
CVE-2022-30493

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：27 | 回复：0
CVE-2022-30494

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view intern ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：31 | 回复：0
CVE-2022-30495

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：31 | 回复：0
CVE-2022-30516

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：28 | 回复：0
CVE-2022-22616

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekee ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：41 | 回复：0
CVE-2022-22662

A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：43 | 回复：0
CVE-2022-22663

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：47 | 回复：0
CVE-2022-22672

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：99 | 回复：0