CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29491

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：170 | 回复：0
CVE-2022-29500

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：104 | 回复：0
CVE-2022-29501

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：63 | 回复：0
CVE-2022-29502

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：56 | 回复：0
CVE-2022-29592

Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：45 | 回复：0
CVE-2021-25267

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：33 | 回复：0
CVE-2021-25268

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：35 | 回复：0
CVE-2022-25989

An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An att ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：43 | 回复：0
CVE-2022-26073

A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：39 | 回复：0
CVE-2022-28575

It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary command ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：49 | 回复：0
CVE-2022-28577

It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：48 | 回复：0
CVE-2022-28578

It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：59 | 回复：0
CVE-2022-28579

It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：73 | 回复：0
CVE-2022-28580

It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：64 | 回复：0
CVE-2022-28581

It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary comman ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：100 | 回复：0
CVE-2022-28582

It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：107 | 回复：0
CVE-2022-28583

It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：364 | 回复：0
CVE-2022-28584

It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：126 | 回复：0
CVE-2022-27337

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：66 | 回复：0
CVE-2022-27359

Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：52 | 回复：0
CVE-2022-27360

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：48 | 回复：0
CVE-2022-27411

TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the Main function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：42 | 回复：0
CVE-2022-29176

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems ev ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：40 | 回复：0
CVE-2022-29166

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：27 | 回复：0
CVE-2022-29167

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2022-29172

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the â ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2022-29173

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-29175

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate was withdrawn. Further investigation showed that it was not a security issue. Notes: Consult https://github.com/ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2022-29535

Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-24817

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2022-24884

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2022-24899

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：13 | 回复：0
CVE-2022-24902

TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some oth ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-29161

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, whi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2022-29164

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2022-29171

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object (in the networking.k8s.io or e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2021-25746

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API g ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0