漏洞 - 第236页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-20089

In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：218 | 回复：0
CVE漏洞

CVE-2022-20088

In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：130 | 回复：0
CVE漏洞

CVE-2022-20087

In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：121 | 回复：0
CVE漏洞

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：96 | 回复：0
CVE漏洞

CVE-2022-20084

In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privile ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：89 | 回复：0
CVE漏洞

CVE-2022-22368

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：91 | 回复：0
CVE漏洞

CVE-2022-1331

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized informat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-29854

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：91 | 回复：0
CVE漏洞

CVE-2022-29001

In SpringBootMovie =1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：105 | 回复：0
CVE漏洞

CVE-2022-28599

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：89 | 回复：0
CVE漏洞

CVE-2022-28588

In SpringBootMovie =1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：119 | 回复：0
CVE漏洞

CVE-2022-28585

EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：104 | 回复：0
CVE漏洞

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim&#39 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：154 | 回复：0
CVE漏洞

CVE-2022-28505

Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：187 | 回复：0
CVE漏洞

CVE-2022-27962

Bluecms 1.6 has a SQL injection vulnerability at cooike.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：200 | 回复：0
CVE漏洞

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully cons ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：169 | 回复：0
CVE漏洞

CVE-2022-28560

There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：157 | 回复：0
CVE漏洞

CVE-2022-23400

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which coul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：124 | 回复：0
CVE漏洞

CVE-2022-22137

A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificate ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：78 | 回复：0
CVE漏洞

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-1343

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a succe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. O ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-0882

A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：102 | 回复：0
CVE漏洞

CVE-2021-22556

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control k ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-28590

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-28589

A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-0916

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization opera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-42165

MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command deviceinfo show file /bin/bash because of incorrect sanitization of param ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-42218

OMPL v1.5.2 contains a memory leak in VFRRT.cpp……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：95 | 回复：0
CVE漏洞

CVE-2021-41959

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：156 | 回复：0
CVE漏洞

CVE-2022-23063

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will stil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：127 | 回复：0
CVE漏洞

CVE-2022-1554

Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：91 | 回复：0
CVE漏洞

CVE-2022-21949

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：130 | 回复：0
CVE漏洞

CVE-2022-1214

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent acciden ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：169 | 回复：0
CVE漏洞

CVE-2022-20767

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：100 | 回复：0
CVE漏洞

CVE-2022-20760

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-20759

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:32 | 阅读：68 | 回复：0