漏洞 - 第3页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-1354

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1402 | 回复：0
CVE漏洞

CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failur ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1446 | 回复：0
CVE漏洞

CVE-2022-1263

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, caus ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1421 | 回复：0
CVE漏洞

CVE-2022-1259

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an inc ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1521 | 回复：0
CVE漏洞

CVE-2022-1247

An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-use to represent how many objects are using the rose_neigh. When a user wants to delete ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1532 | 回复：0
CVE漏洞

CVE-2022-1205

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the sys ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1426 | 回复：0
CVE漏洞

CVE-2020-35538

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1200 | 回复：0
CVE漏洞

CVE-2020-35537

In gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1214 | 回复：0
CVE漏洞

CVE-2020-35536

In gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:47 | 阅读：1185 | 回复：0
CVE漏洞

CVE-2022-36045

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateU ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1314 | 回复：0
CVE漏洞

CVE-2022-36035

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1375 | 回复：0
CVE漏洞

CVE-2022-27911

An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1287 | 回复：0
CVE漏洞

CVE-2022-37023

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks i ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1976 | 回复：0
CVE漏洞

CVE-2022-37022

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1494 | 回复：0
CVE漏洞

CVE-2022-37021

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect again ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1918 | 回复：0
CVE漏洞

CVE-2022-39047

Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:46 | 阅读：1309 | 回复：0
CVE漏洞

CVE-2022-39046

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it t ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：1632 | 回复：0
CVE漏洞

CVE-2022-36749

RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the f ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：1351 | 回复：0
CVE漏洞

CVE-2022-36748

PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：1581 | 回复：0
CVE漏洞

CVE-2022-36747

Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：897 | 回复：0
CVE漏洞

CVE-2022-36746

LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：834 | 回复：0
CVE漏洞

CVE-2022-36745

LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：805 | 回复：0
CVE漏洞

CVE-2022-27563

An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:45 | 阅读：931 | 回复：0
CVE漏洞

CVE-2022-27560

HCL VersionVault Express exposes administrator credentials.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：775 | 回复：0
CVE漏洞

CVE-2022-3037

Use After Free in GitHub repository vim/vim prior to 9.0.0322.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：1282 | 回复：0
CVE漏洞

CVE-2022-37173

An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：874 | 回复：0
CVE漏洞

CVE-2022-37172

Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：1294 | 回复：0
CVE漏洞

CVE-2022-36735

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：1071 | 回复：0
CVE漏洞

CVE-2022-36733

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：811 | 回复：0
CVE漏洞

CVE-2022-36732

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：891 | 回复：0
CVE漏洞

CVE-2022-36734

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:44 | 阅读：1038 | 回复：0
CVE漏洞

CVE-2022-36731

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：810 | 回复：0
CVE漏洞

CVE-2022-36730

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：786 | 回复：0
CVE漏洞

CVE-2022-36657

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：795 | 回复：0
CVE漏洞

CVE-2022-36565

Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：963 | 回复：0
CVE漏洞

CVE-2022-36564

Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：849 | 回复：0
CVE漏洞

CVE-2022-36563

Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in th ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：870 | 回复：0
CVE漏洞

CVE-2022-36562

Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the di ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：3314 | 回复：0
CVE漏洞

CVE-2022-36561

XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:43 | 阅读：882 | 回复：0
CVE漏洞

CVE-2022-34375

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:42 | 阅读：839 | 回复：0