CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-34876

SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：88 | 回复：0
CVE-2022-34877

SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, al ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：101 | 回复：0
CVE-2022-34878

SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the compl ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：94 | 回复：0
CVE-2022-34879

Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affec ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：122 | 回复：0
CVE-2021-44915

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：98 | 回复：0
CVE-2022-31014

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backen ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：160 | 回复：0
CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped su ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：102 | 回复：0
CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause th ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：100 | 回复：0
CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：86 | 回复：0
CVE-2022-2321

Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：101 | 回复：0
CVE-2022-31856

Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：108 | 回复：0
CVE-2022-32310

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：102 | 回复：0
CVE-2022-32311

Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：94 | 回复：0
CVE-2022-32413

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：87 | 回复：0
CVE-2022-34972

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=ext ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：93 | 回复：0
CVE-2022-22681

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：93 | 回复：0
CVE-2021-23163

JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory version ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：106 | 回复：0
CVE-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFro ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：125 | 回复：0
CVE-2021-46687

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactor ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：115 | 回复：0
CVE-2022-32533

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configurati ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：105 | 回复：0
CVE-2022-35229

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of th ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：110 | 回复：0
CVE-2022-35230

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the v ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：110 | 回复：0
CVE-2022-30591

** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs b ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：104 | 回复：0
CVE-2022-32290

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：117 | 回复：0
CVE-2022-32383

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：117 | 回复：0
CVE-2022-32385

Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote).……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：122 | 回复：0
CVE-2022-32386

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：139 | 回复：0
CVE-2021-31676

A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：134 | 回复：0
CVE-2021-31677

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：157 | 回复：0
CVE-2021-31678

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：141 | 回复：0
CVE-2021-31679

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：129 | 回复：0
CVE-2021-37839

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：109 | 回复：0
CVE-2022-24138

IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has rwx permissions for unprivileged users. Low p ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：123 | 回复：0
CVE-2022-24139

In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：112 | 回复：0
CVE-2022-24140

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After dow ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：110 | 回复：0
CVE-2022-24141

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of an ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：110 | 回复：0
CVE-2022-28935

Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, To ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：112 | 回复：0
CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is use ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：121 | 回复：0
CVE-2022-20082

In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：115 | 回复：0
CVE-2022-20083

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileg ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：130 | 回复：0