CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-34597

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：161 | 回复：0
CVE-2022-34598

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：256 | 回复：0
CVE-2022-31111

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：156 | 回复：0
CVE-2022-31124

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is dec ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：192 | 回复：0
CVE-2022-31125

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and ac ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：217 | 回复：0
CVE-2022-31126

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：387 | 回复：0
CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail (https://next-auth.js.org/getting-started/rest-api#post-a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：441 | 回复：0
CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using stri ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：2455 | 回复：0
CVE-2022-31131

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to m ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：376 | 回复：0
CVE-2022-2316

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：508 | 回复：0
CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：332 | 回复：0
CVE-2022-33047

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：368 | 回复：0
CVE-2014-8164

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：327 | 回复：0
CVE-2015-3172

EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：339 | 回复：0
CVE-2015-3173

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：345 | 回复：0
CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting i ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：539 | 回复：0
CVE-2022-20752

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauth ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：379 | 回复：0
CVE-2022-20768

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：370 | 回复：0
CVE-2022-20791

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unifie ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：434 | 回复：0
CVE-2022-20800

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unif ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：373 | 回复：0
CVE-2022-20808

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：548 | 回复：0
CVE-2022-20812

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：433 | 回复：0
CVE-2022-20813

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：386 | 回复：0
CVE-2022-20815

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communicatio ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：373 | 回复：0
CVE-2022-20859

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM amp; Presence Service (Unified CM IMamp;P), and Cisco U ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：449 | 回复：0
CVE-2022-20862

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：398 | 回复：0
CVE-2022-27548

HCL Launch stores user credentials in plain clear text which can be read by a local user.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：370 | 回复：0
CVE-2022-27549

HCL Launch may store certain data for recurring activities in a plain text format.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：374 | 回复：0
CVE-2022-2339

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：334 | 回复：0
CVE-2022-2342

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：375 | 回复：0
CVE-2022-32567

The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：387 | 回复：0
CVE-2022-25046

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：368 | 回复：0
CVE-2022-25047

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：381 | 回复：0
CVE-2022-25048

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：346 | 回复：0
CVE-2022-33996

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：483 | 回复：0
CVE-2022-34007

EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：405 | 回复：0
CVE-2015-1784

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the applicatio ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：367 | 回复：0
CVE-2015-1785

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the applicatio ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：378 | 回复：0
CVE-2015-3207

In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：348 | 回复：0
CVE-2022-31854

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：417 | 回复：0