CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-26291

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：46 | 回复：0
CVE-2021-43105

A vulnerability in the bailiwick checking function in Technitium DNS Server = v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and condu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE-2022-26296

BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：31 | 回复：0
CVE-2022-26639

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：45 | 回复：0
CVE-2022-26640

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE-2022-26641

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：57 | 回复：0
CVE-2022-26642

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE-2021-44581

An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：58 | 回复：0
CVE-2021-45865

A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：66 | 回复：0
CVE-2021-45866

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：56 | 回复：0
CVE-2022-26555

A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：50 | 回复：0
CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE-2022-25505

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：45 | 回复：0
CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE-2022-1004

Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE-2021-45876

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：29 | 回复：0
CVE-2021-45877

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：42 | 回复：0
CVE-2021-45878

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manger pages allows any user to view and modify information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE-2022-0415

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：34 | 回复：0
CVE-2022-24656

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：43 | 回复：0
CVE-2022-1035

Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：53 | 回复：0
CVE-2022-25570

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has writ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE-2020-24772

In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. W ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE-2021-45117

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：29 | 回复：0
CVE-2022-26494

An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a wo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE-2022-22394

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：44 | 回复：0
CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE-2022-24235

A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：33 | 回复：0
CVE-2022-24236

An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE-2022-24237

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：37 | 回复：0
CVE-2022-25766

The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE-2021-24905

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE-2021-25019

The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scriptin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：37 | 回复：0
CVE-2022-0229

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：40 | 回复：0
CVE-2022-0364

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：42 | 回复：0
CVE-2022-0423

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, su ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：44 | 回复：0
CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：46 | 回复：0
CVE-2022-0515

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：37 | 回复：0
CVE-2022-0590

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：68 | 回复：0