CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-1096

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：551 | 回复：0
CVE-2022-1125

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：503 | 回复：0
CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：479 | 回复：0
CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：478 | 回复：0
CVE-2022-1129

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：454 | 回复：0
CVE-2022-1130

Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：618 | 回复：0
CVE-2022-1131

Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：694 | 回复：0
CVE-2022-1132

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：591 | 回复：0
CVE-2022-1133

Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：588 | 回复：0
CVE-2022-1134

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：560 | 回复：0
CVE-2022-1135

Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：485 | 回复：0
CVE-2022-1136

Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：515 | 回复：0
CVE-2022-1137

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information v ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：1294 | 回复：0
CVE-2022-1138

Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) v ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：522 | 回复：0
CVE-2022-1139

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：527 | 回复：0
CVE-2022-1141

Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：934 | 回复：0
CVE-2022-1142

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via s ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：566 | 回复：0
CVE-2022-1143

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via s ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：495 | 回复：0
CVE-2022-1144

Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specifi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：521 | 回复：0
CVE-2022-1145

Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：578 | 回复：0
CVE-2022-1146

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：716 | 回复：0
CVE-2018-25045

Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：544 | 回复：0
CVE-2022-36414

There is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Beyond Compare 4.2.0 through 4.4.2 before 4.4.3. Affected versions allow a logged-in user to run appli ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：572 | 回复：0
CVE-2022-36415

A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a W ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：750 | 回复：0
CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：855 | 回复：0
CVE-2022-24294

A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：585 | 回复：0
CVE-2021-46829

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：606 | 回复：0
CVE-2017-20144

A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit ha ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：498 | 回复：0
CVE-2017-20145

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：546 | 回复：0
CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote c ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：699 | 回复：0
CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：484 | 回复：0
CVE-2022-36450

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：431 | 回复：0
CVE-2022-29709

CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：374 | 回复：0
CVE-2022-0594

The Professional Social Sharing Buttons, Icons Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v 9.7. ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：392 | 回复：0
CVE-2022-0899

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：694 | 回复：0
CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE func ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：686 | 回复：0
CVE-2022-1551

The SP Project Document Manager WordPress plugin through 4.57 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：844 | 回复：0
CVE-2022-2071

The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow at ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：434 | 回复：0
CVE-2022-2072

The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the paylo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：2148 | 回复：0
CVE-2022-2115

The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-7-29 17:18 | 阅读：694 | 回复：0