CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-33466

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：759 | 回复：0
CVE-2021-33467

An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：670 | 回复：0
CVE-2021-33468

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：597 | 回复：0
CVE-2022-31879

Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1190 | 回复：0
CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, c ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1419 | 回复：0
CVE-2022-34067

Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：722 | 回复：0
CVE-2022-34988

Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：656 | 回复：0
CVE-2022-34989

Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：569 | 回复：0
CVE-2022-34991

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：529 | 回复：0
CVE-2022-36161

Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：853 | 回复：0
CVE-2022-36412

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authentica ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：688 | 回复：0
CVE-2022-1648

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：578 | 回复：0
CVE-2022-22412

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：555 | 回复：0
CVE-2022-35286

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the we ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：834 | 回复：0
CVE-2022-35639

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1123 | 回复：0
CVE-2022-1651

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：630 | 回复：0
CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：657 | 回复：0
CVE-2022-1364

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：909 | 回复：0
CVE-2022-1477

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：618 | 回复：0
CVE-2022-1478

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：689 | 回复：0
CVE-2022-1479

Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：630 | 回复：0
CVE-2022-1481

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption vi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：667 | 回复：0
CVE-2022-1482

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：605 | 回复：0
CVE-2022-1483

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：844 | 回复：0
CVE-2022-1484

Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：835 | 回复：0
CVE-2022-1485

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：620 | 回复：0
CVE-2022-1486

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：761 | 回复：0
CVE-2022-1487

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：595 | 回复：0
CVE-2022-1488

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：654 | 回复：0
CVE-2022-1489

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：944 | 回复：0
CVE-2022-1490

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：658 | 回复：0
CVE-2022-1491

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1089 | 回复：0
CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：714 | 回复：0
CVE-2022-1493

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1107 | 回复：0
CVE-2022-1494

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：707 | 回复：0
CVE-2022-1495

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：592 | 回复：0
CVE-2022-1496

Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：672 | 回复：0
CVE-2022-1497

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：647 | 回复：0
CVE-2022-1498

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：570 | 回复：0
CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：745 | 回复：0