CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31201

SoftGuard Web (SGW) before 5.1.5 allows HTML injection.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：537 | 回复：0
CVE-2022-31202

The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：603 | 回复：0
CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：661 | 回复：0
CVE-2022-31209

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：570 | 回复：0
CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be d ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：616 | 回复：0
CVE-2022-31211

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：683 | 回复：0
CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line i ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：575 | 回复：0
CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：795 | 回复：0
CVE-2022-32985

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：650 | 回复：0
CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：548 | 回复：0
CVE-2020-16093

In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LD ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：508 | 回复：0
CVE-2020-23561

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：489 | 回复：0
CVE-2020-23562

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：910 | 回复：0
CVE-2020-23563

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：537 | 回复：0
CVE-2021-40874

An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) an ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：892 | 回复：0
CVE-2021-41419

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：951 | 回复：0
CVE-2021-42923

ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. Th ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：523 | 回复：0
CVE-2021-44954

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：568 | 回复：0
CVE-2022-27434

UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1276 | 回复：0
CVE-2022-33891

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or mo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1350 | 回复：0
CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of th ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：990 | 回复：0
CVE-2022-36127

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：659 | 回复：0
CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php e ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：767 | 回复：0
CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：542 | 回复：0
CVE-2022-24690

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via cra ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：734 | 回复：0
CVE-2022-24691

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requ ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1078 | 回复：0
CVE-2022-24692

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：535 | 回复：0
CVE-2022-30620

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: 1 to 0 privileges by changing the following cookie values from is_admin, showConfig. Administra ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：512 | 回复：0
CVE-2022-30621

Allows a remote user to read files on the camera's OS GetFileContent.cgi. Reading arbitrary files on the camera's OS as root user.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1654 | 回复：0
CVE-2022-30623

The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system u ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：605 | 回复：0
CVE-2022-30624

Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：623 | 回复：0
CVE-2022-30625

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：525 | 回复：0
CVE-2022-30626

Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1039 | 回复：0
CVE-2022-30627

This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：556 | 回复：0
CVE-2022-32450

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM whe ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：715 | 回复：0
CVE-2022-35404

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：1517 | 回复：0
CVE-2021-33655

When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：587 | 回复：0
CVE-2021-33656

When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：584 | 回复：0
CVE-2022-23142

ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：530 | 回复：0
CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:16 | 阅读：803 | 回复：0