CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31913

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：25 | 回复：0
CVE-2022-22953

VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：24 | 回复：0
CVE-2022-27531

A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：40 | 回复：0
CVE-2022-27532

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：40 | 回复：0
CVE-2022-31291

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：30 | 回复：0
CVE-2022-31914

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：45 | 回复：0
CVE-2021-3675

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：34 | 回复：0
CVE-2021-41420

A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianA ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：38 | 回复：0
CVE-2021-41421

A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：237 | 回复：0
CVE-2022-1642

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：38 | 回复：0
CVE-2022-29862

An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：38 | 回复：0
CVE-2022-29865

OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：31 | 回复：0
CVE-2022-30658

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the cur ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：47 | 回复：0
CVE-2022-30659

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：43 | 回复：0
CVE-2022-30660

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：46 | 回复：0
CVE-2022-30661

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the cur ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：51 | 回复：0
CVE-2022-30662

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：68 | 回复：0
CVE-2022-30663

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：79 | 回复：0
CVE-2022-30665

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：75 | 回复：0
CVE-2022-30670

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：99 | 回复：0
CVE-2022-31298

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：204 | 回复：0
CVE-2022-31382

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：96 | 回复：0
CVE-2022-31383

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：67 | 回复：0
CVE-2022-31384

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：56 | 回复：0
CVE-2021-36827

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin = 3.6.9 at WordPress via label.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：42 | 回复：0
CVE-2021-41487

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：45 | 回复：0
CVE-2022-29863

OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：34 | 回复：0
CVE-2022-29864

OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：41 | 回复：0
CVE-2022-29866

OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：38 | 回复：0
CVE-2022-2085

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：40 | 回复：0
CVE-2022-30650

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：92 | 回复：0
CVE-2022-30651

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an alloc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：33 | 回复：0
CVE-2022-30652

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：79 | 回复：0
CVE-2022-30653

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：52 | 回复：0
CVE-2022-30654

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：48 | 回复：0
CVE-2022-30655

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Explo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：37 | 回复：0
CVE-2022-30656

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：40 | 回复：0
CVE-2022-30657

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Explo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：42 | 回复：0
CVE-2022-30664

Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：42 | 回复：0
CVE-2022-31294

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：49 | 回复：0