CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：80 | 回复：0
CVE-2021-43701

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS and orderby parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：59 | 回复：0
CVE-2021-44081

A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：74 | 回复：0
CVE-2022-0343

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is reco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：80 | 回复：0
CVE-2022-0923

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：196 | 回复：0
CVE-2022-1050

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potential ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：84 | 回复：0
CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：83 | 回复：0
CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：55 | 回复：0
CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：63 | 回复：0
CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：59 | 回复：0
CVE-2022-25347

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：83 | 回复：0
CVE-2022-25880

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：79 | 回复：0
CVE-2022-25980

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：72 | 回复：0
CVE-2022-26013

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：71 | 回复：0
CVE-2022-26059

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：61 | 回复：0
CVE-2022-26065

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：59 | 回复：0
CVE-2022-26069

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：66 | 回复：0
CVE-2022-26338

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrie ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：65 | 回复：0
CVE-2022-26349

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL q ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：45 | 回复：0
CVE-2022-26514

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：55 | 回复：0
CVE-2022-26666

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：62 | 回复：0
CVE-2022-26667

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：53 | 回复：0
CVE-2022-26836

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL quer ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：43 | 回复：0
CVE-2022-26839

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：61 | 回复：0
CVE-2022-26887

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ret ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：48 | 回复：0
CVE-2022-27175

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：42 | 回复：0
CVE-2021-42970

Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：37 | 回复：0
CVE-2021-43109

An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：46 | 回复：0
CVE-2021-43110

An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：44 | 回复：0
CVE-2022-1122

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：46 | 回复：0
CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：48 | 回复：0
CVE-2021-42911

A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：44 | 回复：0
CVE-2021-43118

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：41 | 回复：0
CVE-2022-21821

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：35 | 回复：0
CVE-2022-26871

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：39 | 回复：0
CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshel ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：57 | 回复：0
CVE-2015-3298

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：49 | 回复：0
CVE-2021-41594

In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：45 | 回复：0
CVE-2022-26244

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：43 | 回复：0
CVE-2022-26947

Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：47 | 回复：0