CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23193

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23194

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23195

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23196

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23197

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23198

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23199

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23200

Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23202

Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23203

Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23204

Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to byp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23803

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23804

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-24663

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-24664

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-24665

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-22853

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Na ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivilege ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3578

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated struc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3753

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_io ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3760

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3781

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23644

BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-3242

DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-25258

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-43299

Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-43300

Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-43301

Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-43302

Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2021-43303

Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters ma ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-25265

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-22880

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-22881

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-22885

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-23636

Wasmtime is an open source runtime for WebAssembly WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instant ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0
CVE-2022-24981

A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:30 | 阅读：4 | 回复：0