CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2016-4991

Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1241 | 回复：0
CVE-2016-5413

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1419 | 回复：0
CVE-2016-5415

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1198 | 回复：0
CVE-2016-5428

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1399 | 回复：0
CVE-2016-6314

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1147 | 回复：0
CVE-2016-6315

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1271 | 回复：0
CVE-2016-6324

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1220 | 回复：0
CVE-2016-6326

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：2116 | 回复：0
CVE-2016-7029

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1195 | 回复：0
CVE-2016-7049

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1150 | 回复：0
CVE-2022-2564

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1315 | 回复：0
CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1452 | 回复：0
CVE-2022-34593

DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1370 | 回复：0
CVE-2021-41556

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel s ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1637 | 回复：0
CVE-2022-29360

The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1356 | 回复：0
CVE-2022-29558

Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1323 | 回复：0
CVE-2022-2399

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1213 | 回复：0
CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP object ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1618 | 回复：0
CVE-2022-34568

SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1192 | 回复：0
CVE-2022-34580

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1258 | 回复：0
CVE-2021-39088

IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1778 | 回复：0
CVE-2022-34555

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1316 | 回复：0
CVE-2022-34556

PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1393 | 回复：0
CVE-2022-34557

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1315 | 回复：0
CVE-2022-34558

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1257 | 回复：0
CVE-2022-36234

SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1245 | 回复：0
CVE-2022-36752

png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1174 | 回复：0
CVE-2022-1311

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：751 | 回复：0
CVE-2022-1312

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：983 | 回复：0
CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：863 | 回复：0
CVE-2022-1314

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1265 | 回复：0
CVE-2022-21802

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：819 | 回复：0
CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：828 | 回复：0
CVE-2022-2522

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：888 | 回复：0
CVE-2022-2523

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：952 | 回复：0
CVE-2021-40335

A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted t ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：757 | 回复：0
CVE-2021-40336

A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an atta ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1200 | 回复：0
CVE-2022-26305

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：748 | 回复：0
CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Lib ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：738 | 回复：0
CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Lib ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1134 | 回复：0