CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24039

A vulnerability has been identified in Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versions V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2022-24040

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2022-24041

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：28 | 回复：0
CVE-2022-24042

A vulnerability has been identified in Desigo DXR2 (All versions V01.21.142.5-22), Desigo PXC3 (All versions V01.21.142.4-18), Desigo PXC4 (All versions V02.20.142.10-10884), Desigo PXC5 (All versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2021-42645

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the File parameter to upload a PHP payload to get a reverse shell from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE-2021-43094

An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition =2.11 and Platform Standalone Edition =2.4.0 via GET requests on arbitrary parameters in patient.page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：35 | 回复：0
CVE-2022-28110

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE-2022-29591

Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：48 | 回复：0
CVE-2022-1621

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possib ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：54 | 回复：0
CVE-2022-1629

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：70 | 回复：0
CVE-2022-28895

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：56 | 回复：0
CVE-2022-28896

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：50 | 回复：0
CVE-2022-28901

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：38 | 回复：0
CVE-2022-28905

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：40 | 回复：0
CVE-2022-28906

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：19 | 回复：0
CVE-2022-28907

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：27 | 回复：0
CVE-2022-28908

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：24 | 回复：0
CVE-2022-28909

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：22 | 回复：0
CVE-2022-28910

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：25 | 回复：0
CVE-2022-28911

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE-2022-28912

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：40 | 回复：0
CVE-2022-28913

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：49 | 回复：0
CVE-2022-28915

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：63 | 回复：0
CVE-2022-29321

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：75 | 回复：0
CVE-2022-29322

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：72 | 回复：0
CVE-2022-29323

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：139 | 回复：0
CVE-2022-29324

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：73 | 回复：0
CVE-2022-29325

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：52 | 回复：0
CVE-2022-29326

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：66 | 回复：0
CVE-2022-29327

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：56 | 回复：0
CVE-2022-29328

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：50 | 回复：0
CVE-2022-29329

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：64 | 回复：0
CVE-2022-26987

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：78 | 回复：0
CVE-2022-26988

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：79 | 回复：0
CVE-2021-39024

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：196 | 回复：0
CVE-2022-22454

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：58 | 回复：0
CVE-2022-1649

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of he ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：51 | 回复：0
CVE-2022-22774

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Intern ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：48 | 回复：0