CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-11259

Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2020-11260

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：25 | 回复：0
CVE-2020-11261

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Cons ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：21 | 回复：0
CVE-2020-11262

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2020-11265

Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：19 | 回复：0
CVE-2020-11266

Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：28 | 回复：0
CVE-2020-11176

While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdrago ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：29 | 回复：0
CVE-2020-11267

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Cons ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：21 | 回复：0
CVE-2021-29610

TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://gi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：20 | 回复：0
CVE-2021-29612

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation( ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2021-29613

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in Te ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2021-29614

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_leng ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2021-29615

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/ten ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2021-29616

TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorfl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：27 | 回复：0
CVE-2021-29617

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be include ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：13 | 回复：0
CVE-2021-29618

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix wi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：15 | 回复：0
CVE-2021-29619

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：9 | 回复：0
CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：14 | 回复：0
CVE-2020-24119

A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：8 | 回复：0
CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：12 | 回复：0
CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2021-27737

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-32054

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：8 | 回复：0
CVE-2021-3402

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure vi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：11 | 回复：0
CVE-2019-25044

The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：12 | 回复：0
CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：11 | 回复：0
CVE-2021-33034

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：24 | 回复：0
CVE-2020-16632

A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：10 | 回复：0
CVE-2021-32073

DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2021-22668

Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：5 | 回复：0
CVE-2021-29039

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site na ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：6 | 回复：0
CVE-2021-29040

The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which al ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：5 | 回复：0
CVE-2021-29041

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：12 | 回复：0
CVE-2021-29047

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：17 | 回复：0
CVE-2021-29043

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：13 | 回复：0
CVE-2021-29044

Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：26 | 回复：0
CVE-2021-29045

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：36 | 回复：0
CVE-2021-29046

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：16 | 回复：0
CVE-2021-29053

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:44 | 阅读：29 | 回复：0