CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-36751

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：13 | 回复：0
CVE-2022-0079

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：12 | 回复：0
CVE-2021-25981

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the a ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：13 | 回复：0
CVE-2021-25994

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：12 | 回复：0
CVE-2020-11263

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：11 | 回复：0
CVE-2021-1894

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：12 | 回复：0
CVE-2021-1918

Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：12 | 回复：0
CVE-2021-30262

Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Cons ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：11 | 回复：0
CVE-2021-30267

Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon I ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：7 | 回复：0
CVE-2021-30268

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Sna ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：8 | 回复：0
CVE-2021-30269

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：7 | 回复：0
CVE-2021-30270

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：8 | 回复：0
CVE-2021-30271

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elect ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：8 | 回复：0
CVE-2021-30272

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consume ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：7 | 回复：0
CVE-2021-30273

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：6 | 回复：0
CVE-2021-30274

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：6 | 回复：0
CVE-2021-30275

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer I ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：6 | 回复：0
CVE-2021-30276

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd ...……

作者：菜鸟教程小白 | 时间：2022-6-22 21:57 | 阅读：6 | 回复：0
CVE-2021-40042

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R01 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：211 | 回复：0
CVE-2021-46458

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the pos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：200 | 回复：0
CVE-2022-0286

A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：187 | 回复：0
CVE-2021-42631

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：213 | 回复：0
CVE-2021-42635

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：250 | 回复：0
CVE-2021-44114

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：198 | 回复：0
CVE-2021-46459

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：185 | 回复：0
CVE-2022-21659

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：178 | 回复：0
CVE-2022-23872

Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：194 | 回复：0
CVE-2022-24263

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：230 | 回复：0
CVE-2022-24264

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：258 | 回复：0
CVE-2022-24265

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/menu_filter=3 parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：211 | 回复：0
CVE-2022-24266

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：197 | 回复：0
CVE-2021-46661

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：236 | 回复：0
CVE-2021-46662

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：205 | 回复：0
CVE-2021-46663

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：203 | 回复：0
CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：221 | 回复：0
CVE-2021-46665

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：233 | 回复：0
CVE-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：205 | 回复：0
CVE-2021-46667

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：226 | 回复：0
CVE-2021-46668

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：225 | 回复：0
CVE-2021-46669

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:11 | 阅读：232 | 回复：0