CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21779

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：625 | 回复：0
CVE-2022-21780

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：515 | 回复：0
CVE-2022-21781

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：559 | 回复：0
CVE-2022-21782

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：672 | 回复：0
CVE-2022-21783

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：764 | 回复：0
CVE-2022-21784

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：679 | 回复：0
CVE-2022-21785

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：456 | 回复：0
CVE-2022-21786

In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：545 | 回复：0
CVE-2022-21787

In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：683 | 回复：0
CVE-2022-23172

An attacker can access to Forgot my password button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you c ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：516 | 回复：0
CVE-2022-23173

this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the Login menu - demo site then he can see in this menu all the functio ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：472 | 回复：0
CVE-2022-23713

A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：998 | 回复：0
CVE-2022-23714

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges t ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1104 | 回复：0
CVE-2022-30619

Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, i ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1132 | 回复：0
CVE-2022-30929

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：751 | 回复：0
CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：712 | 回复：0
CVE-2021-3696

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：474 | 回复：0
CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some tri ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：689 | 回复：0
CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：687 | 回复：0
CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：664 | 回复：0
CVE-2022-26078

Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：609 | 回复：0
CVE-2022-26348

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：633 | 回复：0
CVE-2022-34595

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：521 | 回复：0
CVE-2022-34596

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：755 | 回复：0
CVE-2022-34597

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：598 | 回复：0
CVE-2022-34598

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：569 | 回复：0
CVE-2022-31111

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：531 | 回复：0
CVE-2022-31124

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is dec ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：942 | 回复：0
CVE-2022-31125

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and ac ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：512 | 回复：0
CVE-2022-31126

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：549 | 回复：0
CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail (https://next-auth.js.org/getting-started/rest-api#post-a ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：515 | 回复：0
CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using stri ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：615 | 回复：0
CVE-2022-31131

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to m ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：541 | 回复：0
CVE-2022-2316

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：1262 | 回复：0
CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：664 | 回复：0
CVE-2022-33047

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：512 | 回复：0
CVE-2014-8164

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：838 | 回复：0
CVE-2015-3172

EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：521 | 回复：0
CVE-2015-3173

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：728 | 回复：0
CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting i ...……

作者：菜鸟教程小白 | 时间：2022-7-8 08:05 | 阅读：859 | 回复：0