CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45978

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：27 | 回复：0
CVE-2021-45979

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：31 | 回复：0
CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：22 | 回复：0
CVE-2021-40148

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interac ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：21 | 回复：0
CVE-2021-41789

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：18 | 回复：0
CVE-2021-45389

StarWind SAN NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to byp ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：20 | 回复：0
CVE-2021-45912

An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：19 | 回复：0
CVE-2022-20012

In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：19 | 回复：0
CVE-2022-20013

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：18 | 回复：0
CVE-2022-20014

In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：19 | 回复：0
CVE-2022-20015

In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：16 | 回复：0
CVE-2022-20016

In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed f ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：17 | 回复：0
CVE-2022-20018

In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：16 | 回复：0
CVE-2022-20019

In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User in ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：18 | 回复：0
CVE-2022-20020

In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interact ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：17 | 回复：0
CVE-2022-20021

In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetoot ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：18 | 回复：0
CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：27 | 回复：0
CVE-2022-20023

In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution pr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：16 | 回复：0
CVE-2021-3845

ws-scrcpy is vulnerable to External Control of File Name or Path……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：13 | 回复：0
CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract f ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：12 | 回复：0
CVE-2022-0086

uppy is vulnerable to Server-Side Request Forgery (SSRF)……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：12 | 回复：0
CVE-2021-24042

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsA ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：10 | 回复：0
CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：10 | 回复：0
CVE-2021-41236

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to cr ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：10 | 回复：0
CVE-2021-41610

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-27339. Reason: This candidate is a reservation duplicate of CVE-2020-27339. Notes: All CVE users should reference CVE-2020-27339 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：8 | 回复：0
CVE-2021-43677

Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：6 | 回复：0
CVE-2021-43832

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation execution. This lets an arbitrary user with access to the gate end ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：10 | 回复：0
CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vul ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：12 | 回复：0
CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototy ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:58 | 阅读：10 | 回复：0
CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：111 | 回复：0
CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：52 | 回复：0
CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file- ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：45 | 回复：0
CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：40 | 回复：0
CVE-2021-43333

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：32 | 回复：0
CVE-2021-44852

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：32 | 回复：0
CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memor ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：27 | 回复：0
CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：28 | 回复：0
CVE-2021-44896

DMP Roadmap before 3.0.4 allows XSS.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：20 | 回复：0
CVE-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：20 | 回复：0
CVE-2022-0080

mruby is vulnerable to Heap-based Buffer Overflow……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：18 | 回复：0