CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0797

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0
CVE-2022-0799

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE-2022-0800

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：25 | 回复：0
CVE-2022-0802

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：27 | 回复：0
CVE-2022-0803

Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：27 | 回复：0
CVE-2022-0804

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：38 | 回复：0
CVE-2022-0805

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：31 | 回复：0
CVE-2022-0806

Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-0807

Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2022-0808

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit he ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：25 | 回复：0
CVE-2022-0809

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2022-25584

Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2022-26585

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-26619

Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2021-42324

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2021-44108

A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE-2021-44109

A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：16 | 回复：0
CVE-2021-45891

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：19 | 回复：0
CVE-2021-45892

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE-2021-45893

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE-2022-25356

Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2022-26281

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0
CVE-2022-26615

A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Prof ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：22 | 回复：0
CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-1212

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-1213

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0
CVE-2022-23909

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a C:\Program Files\Sherpa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：24 | 回复：0
CVE-2022-25154

A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：23 | 回复：0
CVE-2022-1235

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE-2022-1236

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：17 | 回复：0
CVE-2021-38834

easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-26357

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. The ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0
CVE-2022-26358

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-26359

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：20 | 回复：0
CVE-2022-26360

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, RMRR) for Intel V ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：21 | 回复：0