CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-42847

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：44 | 回复：0
CVE-2021-43397

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：32 | 回复：0
CVE-2021-25980

In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：19 | 回复：0
CVE-2021-26558

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI vers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：14 | 回复：0
CVE-2021-43350

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LD ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2002-20001

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：46 | 回复：0
CVE-2021-3907

OctoRPKI does not escape a URI with a filename containing .., this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-3908

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-3909

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-3910

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：34 | 回复：0
CVE-2021-3911

If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-3912

OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-34417

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-34418

The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-34419

In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE-2021-34420

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor insta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：17 | 回复：0
CVE-2021-34422

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：28 | 回复：0
CVE-2021-37910

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' conne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-42773

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-42774

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmw ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-42775

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download fea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE-2021-1903

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-1912

Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-1921

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-1924

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Con ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE-2021-1973

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-1975

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indust ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-1979

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE-2021-1981

Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：24 | 回复：0
CVE-2021-1982

Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon In ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：41 | 回复：0
CVE-2021-30254

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：24 | 回复：0
CVE-2021-30255

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：31 | 回复：0
CVE-2021-30259

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-30263

Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snap ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-30264

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-30265

Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-30266

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：38 | 回复：0
CVE-2021-30284

Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：26 | 回复：0
CVE-2021-30321

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：40 | 回复：0