漏洞 - 第492页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-1005

In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-1004

In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to loc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-1003

In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-1002

In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges need ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-1001

In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-0999

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-0998

In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional executi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-0997

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no addit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-0996

In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over NFC with System execution privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-0995

In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-0994

In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-0993

In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-0992

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-0991

In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local informati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-0990

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-0989

In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:39 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-20843

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-20842

Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially cra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20841

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vecto ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-20840

Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-20835

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-44140

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-40369

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim' ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-28709

issues with partially successful P2M updates on x86 T x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guest ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-28705

issues with partially successful P2M updates on x86 T x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guest ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-43221

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-43220

Microsoft Edge for iOS Spoofing Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-43211

Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42297.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-42308

Microsoft Edge (Chromium-based) Spoofing Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-42306

Azure Active Directory Information Disclosure Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-42297

Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43211.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-28708

PoD operations on misaligned GFNs T x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-28707

PoD operations on misaligned GFNs T x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-28706

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrato ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-28704

PoD operations on misaligned GFNs T x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-42785

Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-42784

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-42783

Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-38004

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-38003

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:38 | 阅读：33 | 回复：0