CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31374

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：158 | 回复：0
CVE-2022-32414

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：143 | 回复：0
CVE-2022-33119

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：121 | 回复：0
CVE-2022-33139

A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：156 | 回复：0
CVE-2022-23342

The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：154 | 回复：0
CVE-2022-25585

Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：149 | 回复：0
CVE-2022-29774

iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：117 | 回复：0
CVE-2022-29775

iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：160 | 回复：0
CVE-2022-31478

The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：192 | 回复：0
CVE-2022-33048

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：173 | 回复：0
CVE-2022-33049

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：146 | 回复：0
CVE-2022-33055

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：325 | 回复：0
CVE-2022-33056

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：128 | 回复：0
CVE-2021-41924

Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：112 | 回复：0
CVE-2022-1596

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：174 | 回复：0
CVE-2022-1665

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：160 | 回复：0
CVE-2022-1833

A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwid ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：150 | 回复：0
CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the cachin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：167 | 回复：0
CVE-2022-23171

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：201 | 回复：0
CVE-2022-26147

The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：191 | 回复：0
CVE-2022-27867

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：174 | 回复：0
CVE-2022-27868

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：181 | 回复：0
CVE-2022-27869

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：165 | 回复：0
CVE-2022-27870

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：177 | 回复：0
CVE-2022-27871

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulner ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：181 | 回复：0
CVE-2022-27872

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：233 | 回复：0
CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command inje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：513 | 回复：0
CVE-2022-30874

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：258 | 回复：0
CVE-2022-31786

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：202 | 回复：0
CVE-2022-32973

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：302 | 回复：0
CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：249 | 回复：0
CVE-2022-33995

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：263 | 回复：0
CVE-2022-34008

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：258 | 回复：0
CVE-2021-39006

IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：280 | 回复：0
CVE-2021-36761

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：235 | 回复：0
CVE-2021-40510

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：228 | 回复：0
CVE-2021-40511

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：223 | 回复：0
CVE-2022-31095

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：305 | 回复：0
CVE-2017-20082

A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：291 | 回复：0
CVE-2017-20083

A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：274 | 回复：0