CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0024

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system proces ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：30 | 回复：0
CVE-2022-0025

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：31 | 回复：0
CVE-2022-0026

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：35 | 回复：0
CVE-2022-0027

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information abo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：32 | 回复：0
CVE-2021-28290

A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：31 | 回复：0
CVE-2021-31330

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：29 | 回复：0
CVE-2021-33315

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper valid ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：34 | 回复：0
CVE-2021-33316

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper valid ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：43 | 回复：0
CVE-2021-33317

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：50 | 回复：0
CVE-2021-34085

Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：41 | 回复：0
CVE-2021-36613

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：47 | 回复：0
CVE-2021-36614

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer derefere ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：47 | 回复：0
CVE-2021-42646

XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Mana ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：76 | 回复：0
CVE-2021-42648

Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：94 | 回复：0
CVE-2022-24101

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensiti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：77 | 回复：0
CVE-2022-24102

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code exec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:34 | 阅读：86 | 回复：0
CVE-2022-27903

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute comma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：65 | 回复：0
CVE-2022-28066

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidate is a duplicate of CVE-2022-26280. Notes: All CVE users should reference CVE-2022-26280 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：13 | 回复：0
CVE-2022-28067

An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2022-28081

A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2022-28082

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-28090

Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2022-28099

Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2022-28508

An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：36 | 回复：0
CVE-2022-27461

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：26 | 回复：0
CVE-2022-28487

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-28488

The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2022-28512

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in /fantasticblog/single.php via the id=5 parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-28552

Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-28568

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2022-28806

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：23 | 回复：0
CVE-2022-29347

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：26 | 回复：0
CVE-2022-29950

** DISPUTED ** Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：24 | 回复：0
CVE-2021-20051

SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：31 | 回复：0
CVE-2021-41020

An improper access control vulnerability in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：30 | 回复：0
CVE-2021-41032

An improper access control vulnerability in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：41 | 回复：0
CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：65 | 回复：0
CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：66 | 回复：0
CVE-2022-28556

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：55 | 回复：0