CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-44628

A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：75 | 回复：0
CVE-2021-44629

A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：85 | 回复：0
CVE-2021-44630

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the syst ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：87 | 回复：0
CVE-2021-44631

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：105 | 回复：0
CVE-2021-44632

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：99 | 回复：0
CVE-2021-44750

An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：126 | 回复：0
CVE-2021-46408

Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：111 | 回复：0
CVE-2021-4023

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：99 | 回复：0
CVE-2021-4045

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：107 | 回复：0
CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：108 | 回复：0
CVE-2022-0204

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：181 | 回复：0
CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：114 | 回复：0
CVE-2022-0507

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：107 | 回复：0
CVE-2022-0516

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：85 | 回复：0
CVE-2022-0618

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when par ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：79 | 回复：0
CVE-2022-0725

A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to inte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：112 | 回复：0
CVE-2022-0813

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：83 | 回复：0
CVE-2022-0847

A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus con ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：82 | 回复：0
CVE-2022-0856

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：75 | 回复：0
CVE-2022-0865

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e18 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：70 | 回复：0
CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：70 | 回复：0
CVE-2022-0903

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：76 | 回复：0
CVE-2022-0904

A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages docume ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：67 | 回复：0
CVE-2022-20047

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：79 | 回复：0
CVE-2022-20048

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：87 | 回复：0
CVE-2022-20049

In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：97 | 回复：0
CVE-2022-20050

In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interactio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：136 | 回复：0
CVE-2022-20051

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. Us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：233 | 回复：0
CVE-2022-20053

In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User int ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：130 | 回复：0
CVE-2022-20054

In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User intera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：86 | 回复：0
CVE-2022-20055

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：88 | 回复：0
CVE-2022-20056

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：71 | 回复：0
CVE-2022-20057

In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：82 | 回复：0
CVE-2022-20058

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：79 | 回复：0
CVE-2022-20059

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：56 | 回复：0
CVE-2022-20060

In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：63 | 回复：0
CVE-2022-21124

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by hav ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：70 | 回复：0
CVE-2022-21132

Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：61 | 回复：0
CVE-2022-21146

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：78 | 回复：0
CVE-2022-21158

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:51 | 阅读：88 | 回复：0