CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-30875

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2021-40589

ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2021-40592

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-30877

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-30882

pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-31313

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-29013

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-29014

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-31496

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-24840

django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-25804

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFT ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：8 | 回复：0
CVE-2022-25805

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can inte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：17 | 回复：0
CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credential ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：23 | 回复：0
CVE-2022-30075

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：18 | 回复：0
CVE-2022-31649

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-32195

Open edX platform before 2022-06-06 allows XSS via the next parameter in the logout URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-24896

Tuleap is a Free Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-29254

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：18 | 回复：0
CVE-2022-29255

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：16 | 回复：0
CVE-2021-40610

Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：21 | 回复：0
CVE-2021-40668

The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：18 | 回复：0
CVE-2022-31019

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d array$(f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-31026

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-31030

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：17 | 回复：0
CVE-2022-31386

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL para ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-31390

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-31393

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-31827

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-31830

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2021-40961

CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL langu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-1998

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：16 | 回复：0
CVE-2022-2035

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions 20.1.45.914, 21.1.x 21.1.7.219. The iss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-32272

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-0823

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：8 | 回复：0
CVE-2022-24969

bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-2000

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-2016

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0