
Vulnerabilities

Subcategories:

  • CVE-2022-20118
    In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 114 | Replies: 0
  • CVE-2022-20117
    In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privil ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 71 | Replies: 0
  • CVE-2022-1431
    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 48 | Replies: 0
  • CVE-2022-1417
    Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allo ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 49 | Replies: 0
  • CVE-2022-0866
    This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.e ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 43 | Replies: 0
  • CVE-2021-39738
    In CarSetings, there is a possible way to pair a BT device bypassing the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 48 | Replies: 0
  • CVE-2022-30278
    A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to impr ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 43 | Replies: 0
  • CVE-2022-29399
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 42 | Replies: 0
  • CVE-2022-29398
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 46 | Replies: 0
  • CVE-2022-29397
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 68 | Replies: 0
  • CVE-2022-29396
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 57 | Replies: 0
  • CVE-2022-29395
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 74 | Replies: 0
  • CVE-2022-29394
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 121 | Replies: 0
  • CVE-2022-29393
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 298 | Replies: 0
  • CVE-2022-29392
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 103 | Replies: 0
  • CVE-2022-29391
    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 51 | Replies: 0
  • CVE-2022-27167
    Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows an attacker to exploit the Repair and Uninstall features, which may lead to arbitrary file deletion. This issue affects: ESET ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 59 | Replies: 0
  • CVE-2022-20116
    In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileg ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 45 | Replies: 0
  • CVE-2022-20115
    In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to l ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 38 | Replies: 0
  • CVE-2022-20114
    In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalati ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 48 | Replies: 0
  • CVE-2022-20113
    In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privil ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 26 | Replies: 0
  • CVE-2022-20112
    In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalatio ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 25 | Replies: 0
  • CVE-2022-20011
    In getArray of NotificationManagerService.java, there is a possible leak of one user's notifications to another due to a missing check. This could lead to local information disclosure with no additional ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 28 | Replies: 0
  • CVE-2022-20010
    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 33 | Replies: 0
  • CVE-2022-20009
    In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution p ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 36 | Replies: 0
  • CVE-2022-20008
    In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that trigger ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 42 | Replies: 0
  • CVE-2022-20007
    In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race cond ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 56 | Replies: 0
  • CVE-2022-20006
    In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escala ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 70 | Replies: 0
  • CVE-2022-20005
    In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User execu ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 146 | Replies: 0
  • CVE-2022-20004
    In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execut ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 389 | Replies: 0
  • CVE-2022-1567
    The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cros ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 142 | Replies: 0
  • CVE-2022-1505
    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endp ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 82 | Replies: 0
  • CVE-2022-1476
    The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 69 | Replies: 0
  • CVE-2022-1463
    The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 59 | Replies: 0
  • CVE-2022-1453
    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 40 | Replies: 0
  • CVE-2022-1442
    The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 35 | Replies: 0
  • CVE-2022-1209
    The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 30 | Replies: 0
  • CVE-2021-39700
    In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution pr ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 30 | Replies: 0
  • CVE-2021-39670
    In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges need ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 26 | Replies: 0
  • CVE-2022-28986
    LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive record ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:34 | Views: 24 | Replies: 0
