渗透/安全推送中心
4.54K subscribers
14.3K links
第一时间推送github安全相关项目。安全情报 @BlackHatCN
Download Telegram
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2627

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2190

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-37428

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-40188

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2405

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2404

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Gr CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-31107

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive informati CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-35918

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-40876

#rce
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-27527

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physi CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-29855

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow acces CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-29854

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthor CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-1462

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups tha CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-23055

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a "low-priority but useful impro CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-26477

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-38199

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_sta CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39354

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snow CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39357

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the d CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39355

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-40703

#CVE_2022