CVE-2022-0608
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: CVE-2022-0608
[월:] 2022년 04월
CVE-2022-27442
CVE-2022-27442
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator’s user name and password.
Source: CVE-2022-27442
CVE-2022-27441
CVE-2022-27441
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.
Source: CVE-2022-27441
CVE-2022-23698
CVE-2022-23698
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Source: CVE-2022-23698
CVE-2022-27650
CVE-2022-27650
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Source: CVE-2022-27650
CVE-2022-1233
CVE-2022-1233
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
Source: CVE-2022-1233
CVE-2022-1185
CVE-2022-1185
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
Source: CVE-2022-1185
CVE-2022-25613
CVE-2022-25613
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
Source: CVE-2022-25613
CVE-2022-1175
CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Source: CVE-2022-1175
CVE-2022-1189
CVE-2022-1189
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project.
Source: CVE-2022-1189