CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-32460

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：20 | 回复：0
CVE-2021-22308

There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：24 | 回复：0
CVE-2021-22313

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：25 | 回复：0
CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：17 | 回复：0
CVE-2021-22317

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：27 | 回复：0
CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：19 | 回复：0
CVE-2021-22324

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：38 | 回复：0
CVE-2021-22325

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：20 | 回复：0
CVE-2021-22336

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` prior to 0.6. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：38 | 回复：0
CVE-2021-33815

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：30 | 回复：0
CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：33 | 回复：0
CVE-2019-14584

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE-2021-22333

There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE-2021-22334

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：23 | 回复：0
CVE-2021-22335

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：32 | 回复：0
CVE-2021-22337

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause leaking of user click data.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：24 | 回复：0
CVE-2021-25947

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：26 | 回复：0
CVE-2021-3469

Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certific ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：36 | 回复：0
CVE-2020-35970

An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE-2020-35971

A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：32 | 回复：0
CVE-2020-35972

An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：45 | 回复：0
CVE-2020-35973

An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：34 | 回复：0
CVE-2021-32665

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to unverified. This occurs whe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：37 | 回复：0
CVE-2021-32662

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE-2021-32666

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：42 | 回复：0
CVE-2020-36004

AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：24 | 回复：0
CVE-2020-36005

AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE-2020-36006

AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：38 | 回复：0
CVE-2020-36007

AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：25 | 回复：0
CVE-2020-36008

OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：31 | 回复：0
CVE-2020-36009

OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE-2021-33838

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number R ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：29 | 回复：0
CVE-2021-33839

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：32 | 回复：0
CVE-2021-33840

The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：43 | 回复：0
CVE-2021-3489

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：35 | 回复：0
CVE-2021-3490

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kerne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：28 | 回复：0
CVE-2021-3491

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/PID/mem. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：24 | 回复：0
CVE-2020-15077

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:42 | 阅读：22 | 回复：0