• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞CVE漏洞

CVE漏洞

RSS
  • CVE-2022-20092
    CVE-2022-20092
    In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:96 | 回复:0
  • CVE-2022-20093
    CVE-2022-20093
    In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges need ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:117 | 回复:0
  • CVE-2022-20094
    CVE-2022-20094
    In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:113 | 回复:0
  • CVE-2022-20095
    CVE-2022-20095
    In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:98 | 回复:0
  • CVE-2022-20096
    CVE-2022-20096
    In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:101 | 回复:0
  • CVE-2022-20097
    CVE-2022-20097
    In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:100 | 回复:0
  • CVE-2022-20098
    CVE-2022-20098
    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:112 | 回复:0
  • CVE-2022-20099
    CVE-2022-20099
    In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:134 | 回复:0
  • CVE-2022-20100
    CVE-2022-20100
    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:158 | 回复:0
  • CVE-2022-20109
    CVE-2022-20109
    In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:189 | 回复:0
  • CVE-2022-20110
    CVE-2022-20110
    In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:257 | 回复:0
  • CVE-2022-27313
    CVE-2022-27313
    An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:399 | 回复:0
  • CVE-2022-27330
    CVE-2022-27330
    A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:1079 | 回复:0
  • CVE-2022-28780
    CVE-2022-28780
    Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper pro ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:442 | 回复:0
  • CVE-2022-28781
    CVE-2022-28781
    Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:264 | 回复:0
  • CVE-2022-28782
    CVE-2022-28782
    Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:268 | 回复:0
  • CVE-2022-28783
    CVE-2022-28783
    Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logi ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:186 | 回复:0
  • CVE-2022-28784
    CVE-2022-28784
    Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:154 | 回复:0
  • CVE-2022-28785
    CVE-2022-28785
    Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:109 | 回复:0
  • CVE-2022-28786
    CVE-2022-28786
    Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:164 | 回复:0
  • CVE-2022-28787
    CVE-2022-28787
    Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:101 | 回复:0
  • CVE-2022-28788
    CVE-2022-28788
    Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:84 | 回复:0
  • CVE-2022-28789
    CVE-2022-28789
    Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:83 | 回复:0
  • CVE-2022-28790
    CVE-2022-28790
    Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:68 | 回复:0
  • CVE-2022-28791
    CVE-2022-28791
    Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prev ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:77 | 回复:0
  • CVE-2022-28792
    CVE-2022-28792
    DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:84 | 回复:0
  • CVE-2022-28793
    CVE-2022-28793
    Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:85 | 回复:0
  • CVE-2021-22680
    CVE-2021-22680
    NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, result ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:82 | 回复:0
  • CVE-2021-27411
    CVE-2021-27411
    Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitra ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:75 | 回复:0
  • CVE-2021-27417
    CVE-2021-27417
    eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memo ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:96 | 回复:0
  • CVE-2021-27419
    CVE-2021-27419
    uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected be ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:85 | 回复:0
  • CVE-2021-27421
    CVE-2021-27421
    NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to u ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:124 | 回复:0
  • CVE-2021-27425
    CVE-2021-27425
    Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavi ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:85 | 回复:0
  • CVE-2021-27427
    CVE-2021-27427
    RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:78 | 回复:0
  • CVE-2021-27431
    CVE-2021-27431
    ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpec ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:78 | 回复:0
  • CVE-2021-27433
    CVE-2021-27433
    ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:65 | 回复:0
  • CVE-2021-27435
    CVE-2021-27435
    ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a rem ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:78 | 回复:0
  • CVE-2021-27439
    CVE-2021-27439
    TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:63 | 回复:0
  • CVE-2022-1548
    CVE-2022-1548
    Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:57 | 回复:0
  • CVE-2022-20101
    CVE-2022-20101
    In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 09:32 | 阅读:61 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap