CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-5016

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：82 | 回复：0
CVE-2021-21491

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Rev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：77 | 回复：0
CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：71 | 回复：0
CVE-2020-0025

In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no ad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：71 | 回复：0
CVE-2020-1916

An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all vers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：86 | 回复：0
CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buff ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：79 | 回复：0
CVE-2020-1918

In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：85 | 回复：0
CVE-2020-1919

Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：87 | 回复：0
CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：71 | 回复：0
CVE-2021-0368

In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. Use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：72 | 回复：0
CVE-2021-0369

In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：93 | 回复：0
CVE-2021-0370

In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：81 | 回复：0
CVE-2021-0371

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges ne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：77 | 回复：0
CVE-2021-0372

In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：59 | 回复：0
CVE-2021-0374

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execut ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：49 | 回复：0
CVE-2021-0375

In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：56 | 回复：0
CVE-2021-0376

In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：62 | 回复：0
CVE-2021-0377

In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：58 | 回复：0
CVE-2021-0378

In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：74 | 回复：0
CVE-2021-0390

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：64 | 回复：0
CVE-2021-0391

In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local esca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：78 | 回复：0
CVE-2021-0392

In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：54 | 回复：0
CVE-2021-0393

In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：51 | 回复：0
CVE-2021-0394

In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional exec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：67 | 回复：0
CVE-2021-0395

In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges nee ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：66 | 回复：0
CVE-2021-0396

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code executio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：68 | 回复：0
CVE-2021-0397

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User inte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：68 | 回复：0
CVE-2021-0398

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges nee ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：52 | 回复：0
CVE-2021-1240

A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：33 | 回复：0
CVE-2021-1242

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：56 | 回复：0
CVE-2021-1245

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：44 | 回复：0
CVE-2021-1246

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：41 | 回复：0
CVE-2021-1258

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：40 | 回复：0
CVE-2021-1267

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected de ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：38 | 回复：0
CVE-2021-1307

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：40 | 回复：0
CVE-2021-1310

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechani ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：39 | 回复：0
CVE-2021-1311

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：32 | 回复：0
CVE-2021-1360

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：33 | 回复：0
CVE-2013-1053

In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：46 | 回复：0
CVE-2020-14097

Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version 1.0.18.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:44 | 阅读：44 | 回复：0