漏洞 - 第170页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-23449

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions V7.3 Update 1), SIMATIC Energy Manager PRO (All versions V7.3 Update 1). A DLL Hijacking vulnerability could allow a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-23448

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions V7.3 Update 1), SIMATIC Energy Manager PRO (All versions V7.3 Update 1). Affected applications improperly assign per ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-42029

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions V17 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-40368

A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATI ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-1302

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-29080

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-28347

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-24839

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. U ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri ` v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encodin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-24838

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in pote ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-24833

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-24832

GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-24827

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameteri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：25 | 回复：0
CVE漏洞

CVE-2022-28779

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-28778

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE漏洞

CVE-2022-28777

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-28776

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-28775

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-28544

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-28543

Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：80 | 回复：0
CVE漏洞

CVE-2022-28542

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-28541

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-27845

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) = 1.2.2……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-27844

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions = 0.9.70……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-27843

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-27842

DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27841

Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-27840

Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-27839

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-27838

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27837

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-27836

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-27835

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-27834

Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27833

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-27832

Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-27831

Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-27830

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：41 | 回复：0