CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23061

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:31 | 阅读：106 | 回复：0
CVE-2021-45025

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：27 | 回复：0
CVE-2021-45026

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：24 | 回复：0
CVE-2022-2111

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：23 | 回复：0
CVE-2022-2112

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：26 | 回复：0
CVE-2022-2113

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：25 | 回复：0
CVE-2022-31296

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：27 | 回复：0
CVE-2022-31784

A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：34 | 回复：0
CVE-2022-32276

** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：36 | 回复：0
CVE-2022-33912

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：37 | 回复：0
CVE-2022-33915

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch pack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：31 | 回复：0
CVE-2021-40903

A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：44 | 回复：0
CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Li ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：58 | 回复：0
CVE-2022-31355

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=categorysearch=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：50 | 回复：0
CVE-2022-31356

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=editid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：53 | 回复：0
CVE-2022-31357

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=editid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：80 | 回复：0
CVE-2022-22485

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：158 | 回复：0
CVE-2022-30607

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：96 | 回复：0
CVE-2022-32442

u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? Onmouseover=%27tzgl (96502)%27bad=, it can ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：83 | 回复：0
CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：55 | 回复：0
CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：51 | 回复：0
CVE-2022-21184

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：40 | 回复：0
CVE-2022-21806

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：40 | 回复：0
CVE-2022-29496

A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：32 | 回复：0
CVE-2022-31083

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：32 | 回复：0
CVE-2022-31941

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：25 | 回复：0
CVE-2022-21213

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：27 | 回复：0
CVE-2022-22138

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted l ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：23 | 回复：0
CVE-2022-25345

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：27 | 回复：0
CVE-2022-25852

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for ev ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：32 | 回复：0
CVE-2022-25856

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file rea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：28 | 回复：0
CVE-2022-25871

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：28 | 回复：0
CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：30 | 回复：0
CVE-2022-31873

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：27 | 回复：0
CVE-2022-31874

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：27 | 回复：0
CVE-2022-31875

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：25 | 回复：0
CVE-2022-31876

netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：31 | 回复：0
CVE-2022-21503

Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：43 | 回复：0
CVE-2014-125002

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. I ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：29 | 回复：0
CVE-2014-125003

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：41 | 回复：0