CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-34379

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE-2021-34380

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and inform ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：25 | 回复：0
CVE-2021-34381

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, whi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：23 | 回复：0
CVE-2021-34382

Trusty TLK contains a vulnerability in the NVIDIA TLK kernelâ€™s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：39 | 回复：0
CVE-2021-34383

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE-2021-34384

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE-2021-34385

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：32 | 回复：0
CVE-2021-25951

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE-2021-27902

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE-2021-27903

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：23 | 回复：0
CVE-2021-35956

Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Descriptio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：45 | 回复：0
CVE-2021-28993

Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE-2021-20107

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kine ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：38 | 回复：0
CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0
CVE-2021-22326

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：32 | 回复：0
CVE-2021-22370

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：29 | 回复：0
CVE-2021-22372

There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE-2021-22375

There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：30 | 回复：0
CVE-2021-22376

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE-2021-22380

There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：29 | 回复：0
CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLib ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：35 | 回复：0
CVE-2021-22323

There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE-2021-22369

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：45 | 回复：0
CVE-2021-22371

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE-2021-22373

There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：32 | 回复：0
CVE-2021-22374

There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE-2021-35970

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：52 | 回复：0
CVE-2021-35971

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the currentse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：45 | 回复：0
CVE-2021-21670

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permissio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：23 | 回复：0
CVE-2021-21671

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：20 | 回复：0
CVE-2021-21672

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：32 | 回复：0
CVE-2021-21673

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：23 | 回复：0
CVE-2021-21674

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE-2021-21675

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE-2021-21676

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0
CVE-2021-22353

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：46 | 回复：0
CVE-2021-22354

There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE-2021-22367

There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：30 | 回复：0
CVE-2021-22368

There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：43 | 回复：0