CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2058

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:04 | 阅读：294 | 回复：0
CVE-2021-38941

IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these contai ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:04 | 阅读：341 | 回复：0
CVE-2021-38954

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:04 | 阅读：350 | 回复：0
CVE-2022-22472

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:04 | 阅读：364 | 回复：0
CVE-2022-22474

IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:04 | 阅读：410 | 回复：0
CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial o ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：105 | 回复：0
CVE-2022-33043

A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：122 | 回复：0
CVE-2021-37770

Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and writ ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：123 | 回复：0
CVE-2021-37778

There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：102 | 回复：0
CVE-2013-4309

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：120 | 回复：0
CVE-2021-37791

MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：154 | 回复：0
CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate securi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:03 | 阅读：182 | 回复：0
CVE-2017-20125

A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：99 | 回复：0
CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request fo ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：117 | 回复：0
CVE-2021-40643

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the sendmail application in the cacti configuration page (by defaul ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：95 | 回复：0
CVE-2021-40663

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：95 | 回复：0
CVE-2013-4146

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this ca ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：116 | 回复：0
CVE-2013-4170

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into suc ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：102 | 回复：0
CVE-2021-41506

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4 ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：112 | 回复：0
CVE-2022-1852

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing a ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:02 | 阅读：93 | 回复：0
CVE-2022-30467

Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:01 | 阅读：85 | 回复：0
CVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the do_i2c_md fun ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:01 | 阅读：99 | 回复：0
CVE-2017-20121

A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The m ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:01 | 阅读：85 | 回复：0
CVE-2017-20122

A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:01 | 阅读：87 | 回复：0
CVE-2017-20123

A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is poss ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:01 | 阅读：127 | 回复：0
CVE-2017-20124

A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the ar ...……

作者：菜鸟教程小白 | 时间：2022-7-7 09:01 | 阅读：119 | 回复：0
CVE-2013-4126

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：65 | 回复：0
CVE-2022-2073

Code Injection in GitHub repository getgrav/grav prior to 1.7.34.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：72 | 回复：0
CVE-2022-33057

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：65 | 回复：0
CVE-2022-33058

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：67 | 回复：0
CVE-2022-33059

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：79 | 回复：0
CVE-2022-33060

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：74 | 回复：0
CVE-2022-33061

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：76 | 回复：0
CVE-2021-40597

The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.……

作者：菜鸟教程小白 | 时间：2022-7-7 09:00 | 阅读：75 | 回复：0
CVE-2022-33638

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:59 | 阅读：64 | 回复：0
CVE-2022-33639

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:59 | 阅读：68 | 回复：0
CVE-2022-31032

Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:59 | 阅读：72 | 回复：0
CVE-2022-31058

Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing th ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:59 | 阅读：63 | 回复：0
CVE-2022-31063

Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search res ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:59 | 阅读：66 | 回复：0
CVE-2022-31110

RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. This ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:59 | 阅读：67 | 回复：0