🚨 CVE-2019-13764
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
🎖@cveNotify
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 79 to the stable channel for Windows, Mac and Linux. This will roll out ove...
🚨 CVE-2019-13745
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
🎖@cveNotify
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
🎖@cveNotify
🚨 CVE-2022-21844
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927.
🎖@cveNotify
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927.
🎖@cveNotify
🚨 CVE-2022-21927
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926.
🎖@cveNotify
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926.
🎖@cveNotify
🚨 CVE-2019-12921
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
🎖@cveNotify
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
🎖@cveNotify
www.graphicsmagick.org
GraphicsMagick Image Processing System
GraphicsMagick is a robust collection of tools and libraries to read, write, and manipulate an image in any of the more popular image formats including GIF, JPEG, JPEG-2000, PNG, PDF, and WebP. With GraphicsMagick you can create GIFs dynamically making it…
🚨 CVE-2021-27430
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.
🎖@cveNotify
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.
🎖@cveNotify
🚨 CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
🎖@cveNotify
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
🎖@cveNotify
GitHub
Prevent sql injection through the ids of the blog comments · forkcms/forkcms@6aca30e
Fork is an easy to use open source CMS using Symfony Components. - Prevent sql injection through the ids of the blog comments · forkcms/forkcms@6aca30e
🚨 CVE-2022-1052
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
🎖@cveNotify
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
🎖@cveNotify
huntr.dev
Heap-based Buffer Overflow in radare2
15.46K developers have been protected by securing radare2. Read this report, and explore others to learn how you can also protect the world by earning cash and CVEs.
🚨 CVE-2022-22952
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.
🎖@cveNotify
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.
🎖@cveNotify
VMware
VMSA-2022-0008
VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)
🚨 CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
🎖@cveNotify
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
🎖@cveNotify
🚨 CVE-2022-1061
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
🎖@cveNotify
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
🎖@cveNotify
GitHub
Fix oobread in symbols header parsing ##bin · radareorg/radare2@d4ce40b
UNIX-like reverse engineering framework and command-line toolset - Fix oobread in symbols header parsing ##bin · radareorg/radare2@d4ce40b
🚨 CVE-2022-0315
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
🎖@cveNotify
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
🎖@cveNotify
🚨 CVE-2021-43707
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
🎖@cveNotify
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
🎖@cveNotify
GitHub
XSS · Issue #18 · maccmspro/maccms10
进入后台,点击基础-->友链管理-->添加,在名称处link_name[]插入payload:test”><img/src=1 onerror=alert(1)> 点击保存,成功触发XSS,此外,该处也存在CSRF漏洞,可以结合CSRF漏洞进行利用
🚨 CVE-2021-43479
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.
🎖@cveNotify
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.
🎖@cveNotify
GitHub
install rce · Issue #10 · mikaelstaer/The-Secretary
my env: Version 2.5 php 5.3.29 windows At /install.php:90,user input was saved to /system/assistants/config.inc.php causing RCE Create a new database named test";phpinfo();# and then visit /in...
🚨 CVE-2022-27254
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
🎖@cveNotify
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
🎖@cveNotify
🚨 CVE-2022-26546
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
🎖@cveNotify
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
🎖@cveNotify
GitHub
No authorization in application leads admin password disclosure to unauthenticated users · Discussion #12 · kabirkhyrul/hms
No authorization in application leads admin password disclosure to unauthenticated users While analyzing the application and its functionalities, it is observed that the authorization is missing in...
🚨 CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
🎖@cveNotify
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
🎖@cveNotify
D-Link
Security Bulletin
🚨 CVE-2021-46439
The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers from a local privilege escalation vulnerability, due to unquoted paths in the service's executable path.
🎖@cveNotify
The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers from a local privilege escalation vulnerability, due to unquoted paths in the service's executable path.
🎖@cveNotify
🚨 CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
🎖@cveNotify
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
🎖@cveNotify
🚨 CVE-2022-27966
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
🎖@cveNotify
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
🎖@cveNotify
GitHub
Vuln/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xshell-CreateProcessW-Misuse-Binary-Hijack at main · ycdxsb/Vuln
Contribute to ycdxsb/Vuln development by creating an account on GitHub.