CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-30303

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Conn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：9 | 回复：0
CVE-2021-30335

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：17 | 回复：0
CVE-2021-30336

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：11 | 回复：0
CVE-2021-30337

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consum ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：11 | 回复：0
CVE-2021-30348

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snap ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：11 | 回复：0
CVE-2021-30351

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：10 | 回复：0
CVE-2021-35093

Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：8 | 回复：0
CVE-2021-44158

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：6 | 回复：0
CVE-2021-45916

The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrup ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：10 | 回复：0
CVE-2021-45917

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：10 | 回复：0
CVE-2021-24680

The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：6 | 回复：0
CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the orderby GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-24893

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dash ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24963

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specifi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allow ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24991

The WooCommerce PDF Invoices Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-24999

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enable ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-25000

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-25001

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML F ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-25016

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Refle ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-25021

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary fol ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-25023

The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the relate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-25027

The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-25040

The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-44674

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-45428

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-3837

openwhyd is vulnerable to Improper Authorization……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-46109

Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-45817

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11689. Reason: This candidate is a duplicate of CVE-2018-11689. Notes: All CVE users should reference CVE-2018-11689 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2020-23026

A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0
CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-37098

Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：5 | 回复：0
CVE-2021-37110

There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:57 | 阅读：4 | 回复：0