漏洞 - 第8页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-23001

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance ca ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1382 | 回复：0
CVE漏洞

CVE-2022-35632

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-sit ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1804 | 回复：0
CVE漏洞

CVE-2022-35631

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. Thi ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1430 | 回复：0
CVE漏洞

CVE-2022-35630

A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1399 | 回复：0
CVE漏洞

CVE-2022-35629

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1540 | 回复：0
CVE漏洞

CVE-2022-33881

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1211 | 回复：0
CVE漏洞

CVE-2022-2579

A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1321 | 回复：0
CVE漏洞

CVE-2022-2578

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1079 | 回复：0
CVE漏洞

CVE-2022-2577

A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：989 | 回复：0
CVE漏洞

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in th ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1530 | 回复：0
CVE漏洞

CVE-2016-4981

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4982. Reason: This candidate is a duplicate of CVE-2016-4982. Notes: All CVE users should reference CVE-2016-4982 instead of this ca ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1097 | 回复：0
CVE漏洞

CVE-2022-36123

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1156 | 回复：0
CVE漏洞

CVE-2022-35643

IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956.……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1177 | 回复：0
CVE漏洞

CVE-2022-2576

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1021 | 回复：0
CVE漏洞

CVE-2022-1277

Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1283 | 回复：0
CVE漏洞

CVE-2022-24912

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison f ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1523 | 回复：0
CVE漏洞

CVE-2022-1799

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrad ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1490 | 回复：0
CVE漏洞

CVE-2021-3601

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store sh ...……

作者：菜鸟教程小白 | 时间：2022-8-12 22:21 | 阅读：1822 | 回复：0
CVE漏洞

CVE-2015-5598

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 18:15 | 阅读：1127 | 回复：0
CVE漏洞

CVE-2022-36752

png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1174 | 回复：0
CVE漏洞

CVE-2022-36234

SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1244 | 回复：0
CVE漏洞

CVE-2022-34558

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1255 | 回复：0
CVE漏洞

CVE-2022-34557

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1314 | 回复：0
CVE漏洞

CVE-2022-34556

PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1391 | 回复：0
CVE漏洞

CVE-2022-34555

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1316 | 回复：0
CVE漏洞

CVE-2021-39088

IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1776 | 回复：0
CVE漏洞

CVE-2022-34580

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1257 | 回复：0
CVE漏洞

CVE-2022-34568

SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1192 | 回复：0
CVE漏洞

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP object ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1618 | 回复：0
CVE漏洞

CVE-2022-2399

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1213 | 回复：0
CVE漏洞

CVE-2022-29558

Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1321 | 回复：0
CVE漏洞

CVE-2022-29360

The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1355 | 回复：0
CVE漏洞

CVE-2021-41556

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel s ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1631 | 回复：0
CVE漏洞

CVE-2022-34593

DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1370 | 回复：0
CVE漏洞

CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1450 | 回复：0
CVE漏洞

CVE-2022-2564

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1314 | 回复：0
CVE漏洞

CVE-2016-7049

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1149 | 回复：0
CVE漏洞

CVE-2016-7029

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1192 | 回复：0
CVE漏洞

CVE-2016-6326

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：2110 | 回复：0
CVE漏洞

CVE-2016-6324

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:20 | 阅读：1220 | 回复：0