CVE HUB 👾
792 subscribers
19.3K links
Github Red team resource push
Github 红队资源推送
Cve/Rce/Exploit/Redteam/漏洞利用/红队

Channel push 24/7 (real time)
频道全天候推送(实时)
Download Telegram
Channel created
👋🏻
Channel push 24/7 (real time)
频道全天候推送(实时)

This channel will be used to push CVE and red team resources.
该频道将用于推送CVE和红队资源。

Chat https://t.me/+J9NOoJzZF9tiZGZl
3👍1
Done
The server has been updated
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26134
Github: https://github.com/keven1z/CVE-2022-26134
Describe:
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34918
Github: https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC
Describe:
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33891
Github: https://github.com/llraudseppll/cve-2022-33891
Describe:
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
Done
The server has been updated