CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-31205

Windows SMB Client Security Feature Bypass Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2021-31207

Microsoft Exchange Server Security Feature Bypass Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：15 | 回复：0
CVE-2021-31208

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31169.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2021-31209

Microsoft Exchange Server Spoofing Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：18 | 回复：0
CVE-2021-31211

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31214.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-31213

Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：13 | 回复：0
CVE-2021-31214

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31211.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：22 | 回复：0
CVE-2021-31936

Microsoft Accessibility Insights for Web Information Disclosure Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：35 | 回复：0
CVE-2020-24586

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：21 | 回复：0
CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authent ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：16 | 回复：0
CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abus ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：19 | 回复：0
CVE-2020-26141

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An advers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：14 | 回复：0
CVE-2020-26142

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:41 | 阅读：20 | 回复：0
CVE-2021-23018

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2021-25932

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：15 | 回复：0
CVE-2021-27828

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：26 | 回复：0
CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process cras ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：15 | 回复：0
CVE-2021-23019

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：20 | 回复：0
CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：19 | 回复：0
CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：25 | 回复：0
CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote atta ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：21 | 回复：0
CVE-2019-4653

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：30 | 回复：0
CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：37 | 回复：0
CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：19 | 回复：0
CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：14 | 回复：0
CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：19 | 回复：0
CVE-2020-1920

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：12 | 回复：0
CVE-2020-27748

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：15 | 回复：0
CVE-2020-4300

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive infor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：14 | 回复：0
CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：15 | 回复：0
CVE-2020-11293

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：9 | 回复：0
CVE-2020-11294

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：15 | 回复：0
CVE-2020-11295

Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：21 | 回复：0
CVE-2021-1891

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：13 | 回复：0
CVE-2021-1895

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice Music……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：14 | 回复：0
CVE-2021-1905

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：16 | 回复：0
CVE-2021-1906

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：17 | 回复：0
CVE-2021-1910

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:40 | 阅读：9 | 回复：0