CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-39784

In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：59 | 回复：0
CVE-2021-39786

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：53 | 回复：0
CVE-2021-39787

In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：88 | 回复：0
CVE-2021-39788

In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local informa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：188 | 回复：0
CVE-2021-39789

In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：193 | 回复：0
CVE-2021-39790

In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：192 | 回复：0
CVE-2021-39791

In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：201 | 回复：0
CVE-2021-3456

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：201 | 回复：0
CVE-2022-0998

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：207 | 回复：0
CVE-2022-20002

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User inter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：196 | 回复：0
CVE-2022-22996

The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：227 | 回复：0
CVE-2022-23136

There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current top ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：215 | 回复：0
CVE-2022-23793

An issue was discovered in Joomla! 3.0.0 through 3.10.6 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：217 | 回复：0
CVE-2022-23794

An issue was discovered in Joomla! 3.0.0 through 3.10.6 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：245 | 回复：0
CVE-2022-23795

An issue was discovered in Joomla! 2.5.0 through 3.10.6 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an acco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：225 | 回复：0
CVE-2022-23796

An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：246 | 回复：0
CVE-2022-23797

An issue was discovered in Joomla! 3.0.0 through 3.10.6 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：429 | 回复：0
CVE-2022-23798

An issue was discovered in Joomla! 2.5.0 through 3.10.6 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：479 | 回复：0
CVE-2022-23799

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：278 | 回复：0
CVE-2022-23800

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：278 | 回复：0
CVE-2022-23801

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：253 | 回复：0
CVE-2022-27907

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：258 | 回复：0
CVE-2021-44310

An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：231 | 回复：0
CVE-2021-44312

An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：289 | 回复：0
CVE-2022-22772

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a dif ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：321 | 回复：0
CVE-2022-24132

phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：253 | 回复：0
CVE-2022-24135

QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：255 | 回复：0
CVE-2022-27772

** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：279 | 回复：0
CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：320 | 回复：0
CVE-2022-1160

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：265 | 回复：0
CVE-2019-12266

Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：276 | 回复：0
CVE-2019-9564

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：263 | 回复：0
CVE-2021-45031

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：267 | 回复：0
CVE-2021-40644

An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：246 | 回复：0
CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：260 | 回复：0
CVE-2022-24763

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSI ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：233 | 回复：0
CVE-2021-33208

The Register an Ehcache Configuration File admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：224 | 回复：0
CVE-2021-33581

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：195 | 回复：0
CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：194 | 回复：0
CVE-2021-43142

An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：204 | 回复：0