CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-11149

Out of bound access due to usage of an out-of-range pointer offset in the camera driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：28 | 回复：0
CVE-2020-11150

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：15 | 回复：0
CVE-2020-11151

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE-2020-11152

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IO ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：21 | 回复：0
CVE-2020-11167

Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consum ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE-2020-11179

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon C ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：19 | 回复：0
CVE-2020-11180

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE-2020-11181

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE-2020-11183

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consume ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：25 | 回复：0
CVE-2020-11185

Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consume ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：36 | 回复：0
CVE-2020-11197

Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：19 | 回复：0
CVE-2020-11200

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：29 | 回复：0
CVE-2020-11212

Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE-2020-11213

Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consume ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE-2020-11214

Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：17 | 回复：0
CVE-2020-11215

An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：15 | 回复：0
CVE-2020-11216

Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：22 | 回复：0
CVE-2020-11217

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：15 | 回复：0
CVE-2020-11225

Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：17 | 回复：0
CVE-2020-3685

Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：11 | 回复：0
CVE-2020-3686

Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdrag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE-2020-3687

Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：19 | 回复：0
CVE-2020-11297

Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：21 | 回复：0
CVE-2020-3664

Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snap ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：35 | 回复：0
CVE-2020-19762

Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：26 | 回复：0
CVE-2020-21224

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：22 | 回复：0
CVE-2021-27368

The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：72 | 回复：0
CVE-2021-27369

The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE-2021-27370

The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：31 | 回复：0
CVE-2021-27371

The Contact page in Monica 2.19.1 allows stored XSS via the Description field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE-2021-27559

The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：31 | 回复：0
CVE-2021-3120

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：35 | 回复：0
CVE-2020-24175

Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filenam ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE-2020-22474

In webERP 4.15, the ManualContents.php file allows users to specify the Language parameter, which can lead to local file inclusion.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：38 | 回复：0
CVE-2020-22475

Tasks application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：30 | 回复：0
CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method na ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：33 | 回复：0
CVE-2021-27549

** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：32 | 回复：0
CVE-2021-27564

A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another membe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：27 | 回复：0
CVE-2021-27279

MyBB before 1.8.25 allows stored XSS via nested tags with MyCode (aka BBCode).……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：23 | 回复：0
CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：31 | 回复：0