CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-23173

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-23568

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-23594

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-30360

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a spe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-32996

The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-32998

The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-34086

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify inc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-34087

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the setti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-35247

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitizatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-38894

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-38895

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-38921

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-38956

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-38957

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-38990

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-39993

There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-39996

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-39998

There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-40000

The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-40001

The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-40002

The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-40003

HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-40004

The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-40005

The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-40006

The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-40009

There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：3 | 回复：0
CVE-2021-40010

The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:58 | 阅读：4 | 回复：0
CVE-2021-30272

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consume ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：20 | 回复：0
CVE-2021-30273

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：19 | 回复：0
CVE-2021-30274

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：19 | 回复：0
CVE-2021-30275

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：13 | 回复：0
CVE-2021-30276

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：20 | 回复：0
CVE-2021-30278

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：21 | 回复：0
CVE-2021-30279

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：16 | 回复：0
CVE-2021-30282

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：20 | 回复：0
CVE-2021-30283

Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：17 | 回复：0
CVE-2021-30289

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：16 | 回复：0
CVE-2021-30293

Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：6 | 回复：0
CVE-2021-30298

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：9 | 回复：0