CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-10137

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2020-9057

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerabl ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：11 | 回复：0
CVE-2020-9058

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 versi ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2020-9059

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 ve ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2020-9060

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2020-9061

Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung S ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-20046

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in th ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the fir ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：7 | 回复：0
CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：7 | 回复：0
CVE-2021-22569

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：6 | 回复：0
CVE-2021-23173

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：10 | 回复：0
CVE-2021-23568

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-23594

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:59 | 阅读：9 | 回复：0
CVE-2021-30278

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：6 | 回复：0
CVE-2021-30279

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：9 | 回复：0
CVE-2021-30282

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：6 | 回复：0
CVE-2021-30283

Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30289

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30293

Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30298

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon I ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30303

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Conn ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30335

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30336

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30337

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consum ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30348

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snap ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-30351

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Co ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-35093

Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-44158

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code ex ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-45916

The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrup ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-45917

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local re ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24680

The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as e ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the orderby GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24893

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dash ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24963

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specifi ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0
CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allow ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：4 | 回复：0