CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a loca ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：1458 | 回复：0
CVE-2022-38152

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：1921 | 回复：0
CVE-2022-36566

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：1326 | 回复：0
CVE-2022-37183

Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：1389 | 回复：0
CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：1981 | 回复：0
CVE-2022-38812

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:53 | 阅读：2250 | 回复：0
CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1403 | 回复：0
CVE-2022-2521

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1746 | 回复：0
CVE-2022-2590

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, lo ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1366 | 回复：0
CVE-2022-2758

All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process bet ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1326 | 回复：0
CVE-2022-2759

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with U ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1231 | 回复：0
CVE-2022-2866

FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1400 | 回复：0
CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol wit ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1972 | 回复：0
CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized a ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:52 | 阅读：1330 | 回复：0
CVE-2022-2132

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1271 | 回复：0
CVE-2022-2220

OpenShift doesn't properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) recor ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1281 | 回复：0
CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1831 | 回复：0
CVE-2022-2043

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1575 | 回复：0
CVE-2022-2044

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1227 | 回复：0
CVE-2022-2153

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. Th ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1402 | 回复：0
CVE-2022-2485

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1509 | 回复：0
CVE-2022-2519

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1……

作者：菜鸟教程小白 | 时间：2022-9-18 10:51 | 阅读：1716 | 回复：0
CVE-2022-28625

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:50 | 阅读：1247 | 回复：0
CVE-2022-2003

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an at ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:50 | 阅读：1179 | 回复：0
CVE-2022-2006

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:50 | 阅读：1350 | 回复：0
CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:50 | 阅读：1462 | 回复：0
CVE-2022-2004

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service conditio ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:50 | 阅读：1447 | 回复：0
CVE-2022-2005

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a val ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:50 | 阅读：1337 | 回复：0
CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REF ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：1353 | 回复：0
CVE-2022-1888

Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：1718 | 回复：0
CVE-2022-1976

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw wi ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：2592 | 回复：0
CVE-2022-1508

An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some m ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：1128 | 回复：0
CVE-2022-1974

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_AD ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：1290 | 回复：0
CVE-2022-1975

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：1529 | 回复：0
CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:49 | 阅读：2041 | 回复：0
CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failur ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1195 | 回复：0
CVE-2022-1354

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1177 | 回复：0
CVE-2022-1355

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow iss ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1253 | 回复：0
CVE-2022-1404

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1332 | 回复：0
CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an ...……

作者：菜鸟教程小白 | 时间：2022-9-18 10:48 | 阅读：1210 | 回复：0