渗透/安全推送中心
4.55K subscribers
14.3K links
第一时间推送github安全相关项目。安全情报 @BlackHatCN
Download Telegram
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-25929

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-25895

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Prod CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20556

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20557

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-4514

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using t CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-44643

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. T CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-4520

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20549

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request gr CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3427

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20544

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20543

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20541

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-23729150 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20540

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-23729142 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-20539

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-23741

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-31702

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3111

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.1 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-46256

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3112

#CVE_2022