CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-33670

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：48 | 回复：0
CVE-2021-33671

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2021-33676

A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-33677

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE-2021-33678

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：40 | 回复：0
CVE-2021-33680

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE-2021-33681

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becomi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2021-33682

SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to st ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0
CVE-2021-33683

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE-2021-33684

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：42 | 回复：0
CVE-2021-33687

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE-2021-33689

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, securit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-35469

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-24116

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2020-0417

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE-2020-20231

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL poi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：36 | 回复：0
CVE-2021-0144

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2021-0441

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：38 | 回复：0
CVE-2021-0486

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User executi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE-2021-0514

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2021-0515

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-0518

In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-0577

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE-2021-0585

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution priv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE-2021-0586

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2021-0587

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：50 | 回复：0
CVE-2021-0588

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-0589

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. U ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE-2021-0590

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-0592

In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. Use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-0594

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：64 | 回复：0
CVE-2021-0596

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：53 | 回复：0
CVE-2021-0597

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE-2021-0599

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：45 | 回复：0
CVE-2021-0600

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：32 | 回复：0
CVE-2021-0601

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. Use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：36 | 回复：0
CVE-2021-0602

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2021-0603

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0