CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1428

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly veri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE-2022-1433

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：42 | 回复：0
CVE-2022-1460

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab wa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：36 | 回复：0
CVE-2022-1510

An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE-2022-1545

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2022-1622

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sour ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE-2022-1623

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sour ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE-2022-27656

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE-2022-28214

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2022-28774

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2022-29610

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：41 | 回复：0
CVE-2022-29611

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：28 | 回复：0
CVE-2022-29613

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view person ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：25 | 回复：0
CVE-2022-29897

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an imprope ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2022-29898

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：31 | 回复：0
CVE-2021-38969

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：27 | 回复：0
CVE-2021-39059

IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：28 | 回复：0
CVE-2021-3611

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：28 | 回复：0
CVE-2021-43066

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2022-22320

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2022-22975

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：28 | 回复：0
CVE-2022-23137

ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggere ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：28 | 回复：0
CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2022-29616

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：33 | 回复：0
CVE-2021-26339

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：25 | 回复：0
CVE-2021-26342

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2021-26347

TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：41 | 回复：0
CVE-2021-26348

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential los ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：42 | 回复：0
CVE-2021-26349

Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：42 | 回复：0
CVE-2021-26350

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：55 | 回复：0
CVE-2021-26364

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：44 | 回复：0
CVE-2021-26372

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：36 | 回复：0
CVE-2021-26373

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：38 | 回复：0
CVE-2021-26375

Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：41 | 回复：0
CVE-2021-26376

Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2021-26378

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：31 | 回复：0
CVE-2021-26388

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2021-26400

AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：31 | 回复：0
CVE-2021-30361

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2021-46744

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：26 | 回复：0