CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-23566

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：20 | 回复：0
CVE-2021-23567

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：26 | 回复：0
CVE-2021-28500

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：14 | 回复：0
CVE-2021-28501

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：24 | 回复：0
CVE-2021-28506

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：27 | 回复：0
CVE-2021-28507

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the deni ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：61 | 回复：0
CVE-2021-36199

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：13 | 回复：0
CVE-2021-36920

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions = 4.4.6).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：21 | 回复：0
CVE-2021-38126

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：18 | 回复：0
CVE-2021-38127

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：18 | 回复：0
CVE-2021-39618

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：16 | 回复：0
CVE-2021-39620

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：14 | 回复：0
CVE-2021-39621

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：27 | 回复：0
CVE-2021-39622

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：13 | 回复：0
CVE-2021-39623

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：20 | 回复：0
CVE-2021-39625

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：56 | 回复：0
CVE-2021-39626

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no add ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：20 | 回复：0
CVE-2021-39627

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：18 | 回复：0
CVE-2021-39628

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional executi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：17 | 回复：0
CVE-2021-39629

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：31 | 回复：0
CVE-2021-39630

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：19 | 回复：0
CVE-2021-39632

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：29 | 回复：0
CVE-2021-39633

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：17 | 回复：0
CVE-2021-39634

In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：26 | 回复：0
CVE-2021-39659

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：21 | 回复：0
CVE-2021-39678

In TBD of TBD, there is a possible bypass of Factory Reset Protection due to TBD. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：30 | 回复：0
CVE-2021-39679

In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. U ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：27 | 回复：0
CVE-2021-39680

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：26 | 回复：0
CVE-2021-39681

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. Use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：19 | 回复：0
CVE-2021-39682

In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：25 | 回复：0
CVE-2021-39683

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. Us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：13 | 回复：0
CVE-2021-39684

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：34 | 回复：0
CVE-2021-3965

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：20 | 回复：0
CVE-2021-42067

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：29 | 回复：0
CVE-2021-43752

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：27 | 回复：0
CVE-2021-44234

SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：14 | 回复：0
CVE-2021-44530

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：17 | 回复：0
CVE-2021-44700

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：22 | 回复：0
CVE-2021-44701

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：18 | 回复：0
CVE-2021-44702

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthentic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:03 | 阅读：21 | 回复：0