CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Servi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2020-28598

An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-21779

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-21793

An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：33 | 回复：0
CVE-2021-21794

An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：19 | 回复：0
CVE-2021-21806

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：13 | 回复：0
CVE-2021-34110

WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with LocalSystem privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-25426

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：29 | 回复：0
CVE-2021-25427

SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：16 | 回复：0
CVE-2021-25428

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumst ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：26 | 回复：0
CVE-2021-25429

Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-25430

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-25431

Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：24 | 回复：0
CVE-2021-25432

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat da ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：29 | 回复：0
CVE-2021-25433

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：25 | 回复：0
CVE-2021-25434

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：24 | 回复：0
CVE-2021-25435

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：17 | 回复：0
CVE-2021-25436

Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：20 | 回复：0
CVE-2021-25437

Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2021-20752

Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：19 | 回复：0
CVE-2021-20778

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：5 | 回复：0
CVE-2021-22347

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：7 | 回复：0
CVE-2020-9158

There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：10 | 回复：0
CVE-2021-22343

There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：9 | 回复：0
CVE-2021-22344

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：18 | 回复：0
CVE-2021-31813

Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：13 | 回复：0
CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：15 | 回复：0
CVE-2021-35336

Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitiv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：6 | 回复：0
CVE-2021-27660

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：8 | 回复：0
CVE-2021-27661

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file syst ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：8 | 回复：0
CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id par ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：18 | 回复：0
CVE-2021-28127

An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：21 | 回复：0
CVE-2021-28423

Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：11 | 回复：0
CVE-2021-28424

A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST paramet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：16 | 回复：0
CVE-2020-27361

An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：6 | 回复：0
CVE-2020-27362

An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：8 | 回复：0
CVE-2020-4902

IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：13 | 回复：0
CVE-2020-4935

IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：10 | 回复：0
CVE-2021-32729

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service meth ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：13 | 回复：0
CVE-2021-32730

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:21 | 阅读：12 | 回复：0