CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-32365

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：43 | 回复：0
CVE-2022-32366

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：63 | 回复：0
CVE-2022-32367

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiryid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：38 | 回复：0
CVE-2022-29614

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：27 | 回复：0
CVE-2022-29615

SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a l ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：17 | 回复：0
CVE-2022-29618

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：14 | 回复：0
CVE-2022-31589

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, wh ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：15 | 回复：0
CVE-2022-31590

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：12 | 回复：0
CVE-2022-31595

SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：15 | 回复：0
CVE-2022-32235

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31059

Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：15 | 回复：0
CVE-2022-32236

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：14 | 回复：0
CVE-2022-32237

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32238

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavaila ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：12 | 回复：0
CVE-2022-32239

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-29241

Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：12 | 回复：0
CVE-2022-31046

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31047

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31048

TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31049

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31050

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-31060

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on logi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：12 | 回复：0
CVE-2022-32353

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-32354

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-32355

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_productid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：12 | 回复：0
CVE-2022-32358

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：12 | 回复：0
CVE-2022-32359

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32362

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32363

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-31066

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a nam ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-32240

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavaila ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32241

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily una ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32242

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：10 | 回复：0
CVE-2022-32243

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavail ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：10 | 回复：0
CVE-2022-1958

A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands so ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：9 | 回复：0
CVE-2021-40212

An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：9 | 回复：0
CVE-2021-41413

ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：9 | 回复：0
CVE-2021-39691

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：10 | 回复：0