漏洞 - 第121页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-44673

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：94 | 回复：0
CVE漏洞

CVE-2022-26847

SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：89 | 回复：0
CVE漏洞

CVE-2022-26846

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：98 | 回复：0
CVE漏洞

CVE-2022-26778

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has suffici ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：111 | 回复：0
CVE漏洞

CVE-2022-26662

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：129 | 回复：0
CVE漏洞

CVE-2022-26661

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (pro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：111 | 回复：0
CVE漏洞

CVE-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：139 | 回复：0
CVE漏洞

CVE-2022-26521

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the CatalogMedia ManagerImages settings can be changed by an admi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：125 | 回复：0
CVE漏洞

CVE-2022-26520

** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：106 | 回复：0
CVE漏洞

CVE-2022-26488

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the sy ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：112 | 回复：0
CVE漏洞

CVE-2022-26355

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：79 | 回复：0
CVE漏洞

CVE-2022-26333

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：108 | 回复：0
CVE漏洞

CVE-2022-26311

Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：278 | 回复：0
CVE漏洞

CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：144 | 回复：0
CVE漏洞

CVE-2022-26131

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：124 | 回复：0
CVE漏洞

CVE-2022-26104

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：140 | 回复：0
CVE漏洞

CVE-2022-26103

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：100 | 回复：0
CVE漏洞

CVE-2022-26102

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-26101

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：127 | 回复：0
CVE漏洞

CVE-2022-26100

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-25922

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：127 | 回复：0
CVE漏洞

CVE-2022-25830

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：83 | 回复：0
CVE漏洞

CVE-2022-25829

Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：74 | 回复：0
CVE漏洞

CVE-2022-25828

Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：73 | 回复：0
CVE漏洞

CVE-2022-25827

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：66 | 回复：0
CVE漏洞

CVE-2022-25826

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-25825

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-25823

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-25822

An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-25821

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-25820

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-25819

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-25818

Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-25817

Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-25816

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-25815

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-25814

PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIn ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-25566

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-25561

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：57 | 回复：0