CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-20518

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：30 | 回复：0
CVE-2021-20520

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：30 | 回复：0
CVE-2021-21412

Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted and will has been released ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：42 | 回复：0
CVE-2021-26579

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：34 | 回复：0
CVE-2021-3474

There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：59 | 回复：0
CVE-2021-3475

There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with app ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：52 | 回复：0
CVE-2021-3476

A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：60 | 回复：0
CVE-2021-29642

GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：63 | 回复：0
CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：37 | 回复：0
CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：51 | 回复：0
CVE-2021-29647

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized dat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：48 | 回复：0
CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：42 | 回复：0
CVE-2021-29649

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：49 | 回复：0
CVE-2021-29650

An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：37 | 回复：0
CVE-2020-24995

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：30 | 回复：0
CVE-2021-21413

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:55 | 阅读：46 | 回复：0
CVE-2020-6787

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：27 | 回复：0
CVE-2020-6788

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：32 | 回复：0
CVE-2020-6789

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：29 | 回复：0
CVE-2020-6790

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：29 | 回复：0
CVE-2021-22496

Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：24 | 回复：0
CVE-2021-22659

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random valu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：20 | 回复：0
CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：26 | 回复：0
CVE-2021-25349

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：25 | 回复：0
CVE-2021-25350

Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：25 | 回复：0
CVE-2021-25351

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：31 | 回复：0
CVE-2021-25352

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：24 | 回复：0
CVE-2021-25353

Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：22 | 回复：0
CVE-2021-25354

Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：28 | 回复：0
CVE-2021-25355

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：26 | 回复：0
CVE-2021-25366

Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：26 | 回复：0
CVE-2021-25367

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：25 | 回复：0
CVE-2021-25368

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：40 | 回复：0
CVE-2020-35502

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：34 | 回复：0
CVE-2021-20210

A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：24 | 回复：0
CVE-2021-20211

A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：17 | 回复：0
CVE-2021-20212

A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：23 | 回复：0
CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destinat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：19 | 回复：0
CVE-2021-20214

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：17 | 回复：0
CVE-2021-20215

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:54 | 阅读：13 | 回复：0