CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-24878

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：14 | 回复：0
CVE-2022-30293

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：14 | 回复：0
CVE-2022-30294

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2020-19212

SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：14 | 回复：0
CVE-2020-19213

SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2020-19215

SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2020-19216

SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2020-19217

SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2022-28969

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (D ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-28970

Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2022-28971

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：23 | 回复：0
CVE-2022-28972

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2022-28973

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the serve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：23 | 回复：0
CVE-2021-39023

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2021-39027

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2022-21934

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：26 | 回复：0
CVE-2022-28163

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2022-28164

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passw ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2021-26253

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：22 | 回复：0
CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability imp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2021-33845

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2021-36912

Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin = 1.0.16 on WordPress, attackers must have contributor or higher user role.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2021-42743

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-1053

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：21 | 回复：0
CVE-2022-26070

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impact ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2022-26889

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：17 | 回复：0
CVE-2022-27183

The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app includ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：18 | 回复：0
CVE-2022-28165

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：15 | 回复：0
CVE-2022-28507

Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2022-28545

FUDforum 3.1.1 is vulnerable to Stored XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2022-29420

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown Clock plugin = 2.3.2 at WordPress via ycd-circle-countdown-before-countdown and ycd-circle-countdo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2022-29421

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown Clock plugin on WordPress via ycd_type vulnerable parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：19 | 回复：0
CVE-2019-12254

In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：16 | 回复：0
CVE-2021-27751

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：29 | 回复：0
CVE-2021-27758

There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：20 | 回复：0
CVE-2021-27759

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's brows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0
CVE-2021-27760

An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:33 | 阅读：25 | 回复：0