CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-22650

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application&#39 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：55 | 回复：0
CVE-2022-22651

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt ke ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：52 | 回复：0
CVE-2022-22652

The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：54 | 回复：0
CVE-2022-22653

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：48 | 回复：0
CVE-2022-22654

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：69 | 回复：0
CVE-2022-22656

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：71 | 回复：0
CVE-2022-22657

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：59 | 回复：0
CVE-2022-22659

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：49 | 回复：0
CVE-2022-22660

This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：54 | 回复：0
CVE-2022-22661

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to ex ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：68 | 回复：0
CVE-2022-22664

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：68 | 回复：0
CVE-2022-22665

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：66 | 回复：0
CVE-2022-22666

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corru ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：96 | 回复：0
CVE-2022-22667

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：70 | 回复：0
CVE-2022-22669

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：63 | 回复：0
CVE-2022-22670

An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other app ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：82 | 回复：0
CVE-2022-22671

An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：79 | 回复：0
CVE-2022-24091

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：127 | 回复：0
CVE-2022-24092

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：246 | 回复：0
CVE-2022-25602

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions = 4.1.7).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：121 | 回复：0
CVE-2022-25603

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：102 | 回复：0
CVE-2022-25604

Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions = 0.2.2).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：99 | 回复：0
CVE-2022-25605

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions = 1.68.6). Vvulnerable parameters download_path, download_path_url, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：109 | 回复：0
CVE-2022-25607

Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions = 7.5.15.727).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：67 | 回复：0
CVE-2022-27243

An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：63 | 回复：0
CVE-2022-27244

An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：70 | 回复：0
CVE-2022-27245

An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：68 | 回复：0
CVE-2022-27246

An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：51 | 回复：0
CVE-2022-26502

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：47 | 回复：0
CVE-2022-25427

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：58 | 回复：0
CVE-2022-25428

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：43 | 回复：0
CVE-2022-25429

Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：42 | 回复：0
CVE-2022-25431

Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：43 | 回复：0
CVE-2022-25433

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：36 | 回复：0
CVE-2022-25434

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：47 | 回复：0
CVE-2022-25435

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：51 | 回复：0
CVE-2022-25437

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：75 | 回复：0
CVE-2022-25438

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：110 | 回复：0
CVE-2022-25439

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：64 | 回复：0
CVE-2022-25440

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：61 | 回复：0