CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-20073

In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：28 | 回复：0
CVE-2022-20074

In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-20075

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：26 | 回复：0
CVE-2022-20076

In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not neede ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：24 | 回复：0
CVE-2022-20077

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for explo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：29 | 回复：0
CVE-2022-20078

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for explo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：41 | 回复：0
CVE-2022-20079

In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：47 | 回复：0
CVE-2022-20080

In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：47 | 回复：0
CVE-2022-20081

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User int ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：40 | 回复：0
CVE-2022-22253

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：56 | 回复：0
CVE-2022-22254

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：56 | 回复：0
CVE-2022-22255

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：50 | 回复：0
CVE-2022-22256

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：75 | 回复：0
CVE-2022-22257

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：54 | 回复：0
CVE-2022-22258

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and resul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：48 | 回复：0
CVE-2022-22571

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：58 | 回复：0
CVE-2022-22572

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version 1.40.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：65 | 回复：0
CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side te ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：63 | 回复：0
CVE-2022-22962

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：68 | 回复：0
CVE-2022-22964

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：87 | 回复：0
CVE-2022-24804

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：93 | 回复：0
CVE-2022-24815

JHipster is a development platform to quickly generate, develop, deploy modern web applications microservice architectures. SQL Injection vulnerability in entities for applications generated with th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：189 | 回复：0
CVE-2022-24829

Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：356 | 回复：0
CVE-2022-25614

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings Webinar (WordPress plugin) = 1.3.7 allows an attacker to Sync with Zoom Meetings.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：152 | 回复：0
CVE-2022-25615

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings Webinar (WordPress plugin) = 1.3.8 allows cache deletion.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：93 | 回复：0
CVE-2022-25789

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：67 | 回复：0
CVE-2022-25790

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：64 | 回复：0
CVE-2022-25791

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：44 | 回复：0
CVE-2022-25792

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vuln ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：41 | 回复：0
CVE-2022-25794

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE-2022-25796

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：35 | 回复：0
CVE-2022-25831

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：32 | 回复：0
CVE-2022-25832

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：37 | 回复：0
CVE-2022-25833

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：31 | 回复：0
CVE-2022-26090

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2022-26091

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2022-26092

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0
CVE-2022-26093

Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：35 | 回复：0
CVE-2022-26094

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：33 | 回复：0
CVE-2022-26095

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:13 | 阅读：30 | 回复：0