• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

漏洞

RSS

下级分类:

  • CVE-2021-42538
    CVE-2021-42538
    The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:13 | 回复:0
  • CVE-2021-42536
    CVE-2021-42536
    The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:16 | 回复:0
  • CVE-2021-42534
    CVE-2021-42534
    The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:14 | 回复:0
  • CVE-2021-42169
    CVE-2021-42169
    The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parame ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:15 | 回复:0
  • CVE-2021-38485
    CVE-2021-38485
    The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:12 | 回复:0
  • CVE-2021-30359
    CVE-2021-30359
    The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:90 | 回复:0
  • CVE-2021-0870
    CVE-2021-0870
    In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User inte ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:23 | 回复:0
  • CVE-2021-0708
    CVE-2021-0708
    In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:19 | 回复:0
  • CVE-2021-0706
    CVE-2021-0706
    In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additiona ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:35 | 回复:0
  • CVE-2021-0705
    CVE-2021-0705
    In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This cou ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:24 | 回复:0
  • CVE-2021-0703
    CVE-2021-0703
    In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:31 | 回复:0
  • CVE-2021-0702
    CVE-2021-0702
    In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional e ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:26 | 回复:0
  • CVE-2021-0652
    CVE-2021-0652
    In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of pri ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:21 | 回复:0
  • CVE-2021-0651
    CVE-2021-0651
    In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no add ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:16 | 回复:0
  • CVE-2021-0643
    CVE-2021-0643
    In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to lo ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:22 | 回复:0
  • CVE-2021-0483
    CVE-2021-0483
    In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interacti ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:14 | 回复:0
  • CVE-2021-41747
    CVE-2021-41747
    Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:20 | 回复:0
  • CVE-2021-41745
    CVE-2021-41745
    ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:19 | 回复:0
  • CVE-2021-41744
    CVE-2021-41744
    All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:21 | 回复:0
  • CVE-2021-38481
    CVE-2021-38481
    The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious p ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:23 | 回复:0
  • CVE-2021-38479
    CVE-2021-38479
    Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:23 | 回复:0
  • CVE-2021-38477
    CVE-2021-38477
    There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:27 | 回复:0
  • CVE-2021-38475
    CVE-2021-38475
    The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:23 | 回复:0
  • CVE-2021-38473
    CVE-2021-38473
    The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:18 | 回复:0
  • CVE-2021-38471
    CVE-2021-38471
    There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:24 | 回复:0
  • CVE-2021-38469
    CVE-2021-38469
    Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the aff ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:22 | 回复:0
  • CVE-2021-38467
    CVE-2021-38467
    A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:12 | 回复:0
  • CVE-2021-38465
    CVE-2021-38465
    The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:13 | 回复:0
  • CVE-2021-38463
    CVE-2021-38463
    The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:19 | 回复:0
  • CVE-2021-38461
    CVE-2021-38461
    The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:17 | 回复:0
  • CVE-2021-38459
    CVE-2021-38459
    The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake pac ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:18 | 回复:0
  • CVE-2021-38457
    CVE-2021-38457
    The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:15 | 回复:0
  • CVE-2021-38455
    CVE-2021-38455
    The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the val ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:8 | 回复:0
  • CVE-2021-38453
    CVE-2021-38453
    Some API functions allow interaction with the registry, which includes reading values as well as data modification.……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:14 | 回复:0
  • CVE-2021-38451
    CVE-2021-38451
    The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:10 | 回复:0
  • CVE-2021-38449
    CVE-2021-38449
    Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected produc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:9 | 回复:0
  • CVE-2021-36357
    CVE-2021-36357
    An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t year value, resulting in a type mismatch that can truncate a higher intege ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:8 | 回复:0
  • CVE-2021-35230
    CVE-2021-35230
    As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:10 | 回复:0
  • CVE-2021-31682
    CVE-2021-31682
    The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:16 | 回复:0
  • CVE-2021-31835
    CVE-2021-31835
    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the admi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 12:15 | 阅读:9 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap