4423 matches found
NETGEAR R6200v2 OS Command Injection Vulnerability
The NETGEAR R6200v2 is a dual-band Gigabit wireless router from NETGEAR that complies with the IEEE 802.11ac standard. The NETGEAR R6200v2 has a command injection vulnerability that arises because a remote authenticated attacker can modify values in vulnerable parameters. No...
CVE-2022-30078
NETGEAR R6200V2 firmware versions through R6200v2-V1.0.3.1210.1.11 and R6300V2 firmware versions through R6300v2-V1.0.4.5210.0.93 allow remote authenticated attackers to execute arbitrary commands via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or...
CVE-2022-34882
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows;...
CVE-2022-34882
The vulnerability CVE-2022-34882 affects Hitachi RAID Manager Storage Replication Adapter. Affected versions include 02.01.04–02.03.01 on Windows and 02.05.00 on Windows/Docker, with risk stemming from Information Exposure Through an Error Message that may disclose sensitive information to remote...
PT-2022-24797 · Blackboard · Blackboard Learn
Name of the Vulnerable Software and Affected Versions: Blackboard Learn version 1.10.1 Description: The issue allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain "webapps/bbcms/execute/" URL. The vendor disputes this,...
CVE-2022-2915
CVE-2022-2915 is a heap-based buffer overflow in SonicWall SMA100 firmware that affects 10.2.1.5-34sv and earlier. An authenticated remote attacker can cause DoS and potentially code execution. Remediation: upgrade to SMA100 10.2.1.6-37sv or later as noted by SonicWall advisories; exploitation st...
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2022-34486
Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors...
CVE-2022-33311
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors...
CVE-2022-32283
CVE-2022-32283 affects Cybozu Office (Cabinet component) from version 10.0.0 through 10.8.5. It is described as a browse restriction bypass vulnerability (CWE-284) that allows a remote authenticated attacker to obtain Cabinet data via unspecified vectors. The issue is tied to Cabinet access contr...
CVE-2022-2664
This CVE concerns the Private Cloud Management Platform. The vulnerability affects the POST Request Handler, specifically the function at /management/api/rcx_management/global_config_query, where an improper authentication issue is reported. The description states that manipulation of this endpoi...
CVE-2022-2272
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element,...
CVE-2022-27621
CVE-2022-27621 affects Synology USB Copy (webapi component). Versions prior to 2.2.0-1086 are vulnerable to a Path Traversal flaw that allows remote authenticated users to read or write arbitrary files via unspecified vectors. The remediation is to upgrade to 2.2.0-1086 or later.
CVE-2022-27618
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-27620
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors...
Vinchin Backup and Recovery Trust Management Issue Vulnerability
Vinchin Backup and Recovery is an easy-to-use, safe and reliable virtual machine data protection software from China Yunqi Technology Vinchin. It is used for backup and recovery. Vinchin Backup and Recovery version 6.5.0.17561 suffers from a trust management issue vulnerability that stems from...
PT-2022-18523 · Synology · Synology Storage Analyzer
Name of the Vulnerable Software and Affected Versions: Synology Storage Analyzer versions prior to 2.1.0-0390 Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-22684
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in task management component in Synology DiskStation Manager DSM before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2022-27613
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors...
CVE-2022-27611
Summary: CVE-2022-27611 is a path traversal vulnerability in the Synology Audio Station webapi component. An improper limitation of a pathname to a restricted directory enables remote authenticated users to delete arbitrary files via unspecified vectors. Affected product/version: Synology Audio S...