渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-38199

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_sta CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39354

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snow CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39357

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the d CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39355

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-40703

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2782

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-26981

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-42999

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-30885

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-43000

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-43002

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-43001

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1 CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-39361

#rce

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-42468

#rce

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-29823

#rce

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely rul CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2018-16530

#rce

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2852

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-25486

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2618

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3049

#CVE_2022

渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-3043

#CVE_2022