CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-32934

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2022-1413

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2022-1423

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 bef ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2022-28946

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range mem ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2022-28948

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-28959

Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0
CVE-2022-28960

A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：22 | 回复：0
CVE-2022-28961

Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：23 | 回复：0
CVE-2022-28962

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：23 | 回复：0
CVE-2022-29304

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：41 | 回复：0
CVE-2022-29652

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：30 | 回复：0
CVE-2020-4107

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：31 | 回复：0
CVE-2022-21500

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network acce ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：49 | 回复：0
CVE-2022-28964

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：58 | 回复：0
CVE-2022-28965

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：65 | 回复：0
CVE-2022-28985

A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：95 | 回复：0
CVE-2021-34111

Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：47 | 回复：0
CVE-2022-28987

ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：53 | 回复：0
CVE-2022-1754

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：49 | 回复：0
CVE-2022-1806

Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：38 | 回复：0
CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：31 | 回复：0
CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host Ja ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：50 | 回复：0
CVE-2022-25227

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：32 | 回复：0
CVE-2022-30551

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：28 | 回复：0
CVE-2022-31215

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：24 | 回复：0
CVE-2022-1784

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：20 | 回复：0
CVE-2022-24043

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：20 | 回复：0
CVE-2022-24045

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-24287

A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2022-24290

A vulnerability has been identified in Teamcenter V12.4 (All versions V12.4.0.13), Teamcenter V13.0 (All versions V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions V13.2.0 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2022-26632

Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-26633

Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-26634

HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：20 | 回复：0
CVE-2022-27092

Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：15 | 回复：0
CVE-2022-27094

Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-27095

BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：21 | 回复：0