CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-34372

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-34390

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：31 | 回复：0
CVE-2021-34391

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：23 | 回复：0
CVE-2021-34392

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：24 | 回复：0
CVE-2021-34393

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-34394

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2021-34395

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited informatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2021-34396

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2021-34397

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：18 | 回复：0
CVE-2021-27649

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-29084

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-29085

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) befo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：24 | 回复：0
CVE-2021-29086

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：14 | 回复：0
CVE-2021-29087

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-35210

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：18 | 回复：0
CVE-2021-21998

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control manageme ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2021-21999

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege es ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2021-31585

Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-31586

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：26 | 回复：0
CVE-2021-28977

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：27 | 回复：0
CVE-2011-0023

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2011-1177

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：23 | 回复：0
CVE-2011-1942

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：40 | 回复：0
CVE-2011-1955

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：23 | 回复：0
CVE-2011-2926

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：19 | 回复：0
CVE-2020-20389

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：24 | 回复：0
CVE-2020-20391

Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2020-20392

SQL Injection vulnerability in imcat v5.2 via the fm parameters in coms/add_coms.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：12 | 回复：0
CVE-2021-25950

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2021-35438

phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2021-3526

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：29 | 回复：0
CVE-2021-29620

Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：34 | 回复：0
CVE-2020-18657

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS = 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2020-18658

Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS =3.3.15 via the timezone parameter to settings.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2020-18659

Cross Site Scripting vulnerability in GetSimpleCMS =3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：19 | 回复：0
CVE-2020-23962

A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the announcement_gonggao parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2020-18660

GetSimpleCMS =3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：18 | 回复：0
CVE-2021-20019

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：19 | 回复：0