CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0297

Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-0298

Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially explo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：12 | 回复：0
CVE-2022-0301

Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted H ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2022-0302

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted H ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2022-0304

Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2022-0305

Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2022-0306

Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：16 | 回复：0
CVE-2022-0307

Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-0308

Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2022-0309

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2022-0310

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2022-0311

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2022-22765

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected he ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：22 | 回复：0
CVE-2021-24446

The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XS ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2021-24874

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2021-24904

The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：22 | 回复：0
CVE-2021-25014

The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：43 | 回复：0
CVE-2021-25018

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：39 | 回复：0
CVE-2021-25033

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：54 | 回复：0
CVE-2021-25050

The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：66 | 回复：0
CVE-2021-25107

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：73 | 回复：0
CVE-2021-25109

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：68 | 回复：0
CVE-2021-25110

The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：73 | 回复：0
CVE-2021-25115

The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could ca ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：116 | 回复：0
CVE-2021-44879

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：154 | 回复：0
CVE-2021-45444

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：107 | 回复：0
CVE-2022-0176

The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：92 | 回复：0
CVE-2022-0188

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：47 | 回复：0
CVE-2022-0190

The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：35 | 回复：0
CVE-2022-0193

The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：41 | 回复：0
CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX act ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：35 | 回复：0
CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：30 | 回复：0
CVE-2022-0206

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：27 | 回复：0
CVE-2022-0208

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the Bad mapid error message, leading to a Reflected Cross-Site Script ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2022-0212

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2022-0214

The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2022-0565

Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2022-0569

Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：21 | 回复：0
CVE-2022-0570

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0