CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the sys ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE-2022-0435

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：62 | 回复：0
CVE-2022-0494

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMI ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：83 | 回复：0
CVE-2022-0500

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：75 | 回复：0
CVE-2022-0759

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not confi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：157 | 回复：0
CVE-2022-0897

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver-nwfilters` mutex before iterating over virNWFilterObj instances. There was no ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：342 | 回复：0
CVE-2022-0983

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：211 | 回复：0
CVE-2022-0988

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：112 | 回复：0
CVE-2022-0995

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：87 | 回复：0
CVE-2022-1049

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：69 | 回复：0
CVE-2022-25590

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the applicatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：74 | 回复：0
CVE-2022-25606

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions = 1.68.6). Vulnerable parameters download_path, download_path_url, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：102 | 回复：0
CVE-2022-25610

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat = 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：127 | 回复：0
CVE-2022-25611

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable paramet ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：81 | 回复：0
CVE-2022-25612

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code vi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：66 | 回复：0
CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：48 | 回复：0
CVE-2022-27884

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：48 | 回复：0
CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE-2022-27886

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2022-27887

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：37 | 回复：0
CVE-2022-27906

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2022-27919

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administrat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2022-27920

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：48 | 回复：0
CVE-2021-44905

Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE-2022-24643

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：33 | 回复：0
CVE-2022-25523

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：30 | 回复：0
CVE-2022-26197

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：37 | 回复：0
CVE-2022-26659

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE-2021-44683

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by trickin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE-2022-24783

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：34 | 回复：0
CVE-2022-24784

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：45 | 回复：0
CVE-2021-40904

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remot ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：33 | 回复：0
CVE-2021-40905

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of .mkp files, which are Extension Packages, making remote code execution ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE-2021-40906

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE-2022-22274

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：29 | 回复：0
CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：32 | 回复：0
CVE-2022-1071

User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：33 | 回复：0
CVE-2022-27938

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：30 | 回复：0
CVE-2022-27939

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：28 | 回复：0
CVE-2022-27940

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：37 | 回复：0