CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivil ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：151 | 回复：0
CVE-2022-2228

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI v ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：158 | 回复：0
CVE-2022-2229

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotec ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：157 | 回复：0
CVE-2022-2270

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab wa ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：153 | 回复：0
CVE-2022-31113

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This perm ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：152 | 回复：0
CVE-2021-37524

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized path parameter in resources/login.php.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：139 | 回复：0
CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：132 | 回复：0
CVE-2022-1954

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a Git ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：133 | 回复：0
CVE-2022-22366

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：114 | 回复：0
CVE-2022-22367

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：119 | 回复：0
CVE-2022-22373

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain n ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：108 | 回复：0
CVE-2022-31604

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Unt ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：112 | 回复：0
CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allo ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：110 | 回复：0
CVE-2022-32030

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：107 | 回复：0
CVE-2022-32031

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：99 | 回复：0
CVE-2022-32032

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：115 | 回复：0
CVE-2022-32033

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：122 | 回复：0
CVE-2022-32034

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:04 | 阅读：136 | 回复：0
CVE-2022-2274

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：708 | 回复：0
CVE-2022-2279

NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：771 | 回复：0
CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：537 | 回复：0
CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：675 | 回复：0
CVE-2022-2274

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：610 | 回复：0
CVE-2022-2279

NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：429 | 回复：0
CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：365 | 回复：0
CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services……

作者：菜鸟教程小白 | 时间：2022-7-8 08:03 | 阅读：323 | 回复：0
CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-rub ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：524 | 回复：0
CVE-2022-33082

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：547 | 回复：0
CVE-2022-33085

ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：569 | 回复：0
CVE-2022-33087

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：514 | 回复：0
CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：540 | 回复：0
CVE-2022-27904

The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：566 | 回复：0
CVE-2022-32295

On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：561 | 回复：0
CVE-2022-32988

Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the *list parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every .asp page containing a list of stored stri ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:16 | 阅读：601 | 回复：0
CVE-2013-6423

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：502 | 回复：0
CVE-2013-6464

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：512 | 回复：0
CVE-2013-6471

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：495 | 回复：0
CVE-2013-6498

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：465 | 回复：0
CVE-2013-7253

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：516 | 回复：0
CVE-2014-0068

It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:15 | 阅读：508 | 回复：0