CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-40562

A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：11 | 回复：0
CVE-2021-40563

A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denia ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：11 | 回复：0
CVE-2021-40564

A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：9 | 回复：0
CVE-2021-40565

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of serv ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：9 | 回复：0
CVE-2021-40566

A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：9 | 回复：0
CVE-2021-43860

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：9 | 回复：0
CVE-2022-0196

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2022-0197

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：8 | 回复：0
CVE-2022-0198

corenlp is vulnerable to Improper Restriction of XML External Entity Reference……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：8 | 回复：0
CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the appli ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2022-22113

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already l ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30285

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30287

Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30300

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Co ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30301

Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30307

Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30308

Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30311

Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdrag ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30313

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consume ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30314

Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-30319

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elec ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：8 | 回复：0
CVE-2021-30330

Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：9 | 回复：0
CVE-2021-30353

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon I ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：8 | 回复：0
CVE-2021-23514

This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-45806

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2021-40327

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For exampl ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:02 | 阅读：7 | 回复：0
CVE-2022-0157

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：17 | 回复：0
CVE-2022-0158

vim is vulnerable to Heap-based Buffer Overflow……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：13 | 回复：0
CVE-2022-22114

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term search functionality is not sufficiently sanitized while displaying the results of the se ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：13 | 回复：0
CVE-2022-22115

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low pr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：15 | 回复：0
CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inj ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2022-22117

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2022-22120

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：14 | 回复：0
CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：16 | 回复：0
CVE-2020-28679

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：15 | 回复：0
CVE-2022-0174

dolibarr is vulnerable to Business Logic Errors……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：18 | 回复：0
CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：20 | 回复：0
CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：23 | 回复：0
CVE-2022-0155

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：21 | 回复：0
CVE-2022-21666

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privil ...……

作者：菜鸟教程小白 | 时间：2022-6-22 22:01 | 阅读：23 | 回复：0