漏洞 - 第754页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-0520

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional executio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-0517

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-0516

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-0513

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-0512

In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-0511

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privile ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-0510

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-0509

In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. U ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-0508

In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-0507

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution priv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-0506

In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution pri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-0505

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges nee ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-0504

In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-0478

In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29060

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB strin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-29059

A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG st ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-20249

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-20248

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-21130

Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-22390

Akaunting = 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-21517

Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：6 | 回复：0
CVE漏洞

CVE-2019-25047

Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：8 | 回复：0
CVE漏洞

CVE-2018-25016

Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：13 | 回复：0
CVE漏洞

CVE-2007-1857

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：8 | 回复：0
CVE漏洞

CVE-2006-1053

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：21 | 回复：0
CVE漏洞

CVE-2006-0849

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：14 | 回复：0
CVE漏洞

CVE-2006-0740

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：10 | 回复：0
CVE漏洞

CVE-2006-0017

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：13 | 回复：0
CVE漏洞

CVE-2006-0016

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-28833

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-28684

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-7031

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：12 | 回复：0
CVE漏洞

CVE-2019-7002

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-33572

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-29337

MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-31769

MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The Select ser ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-20474

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-20473

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. R ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-20472

White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username informa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-20471

White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:50 | 阅读：30 | 回复：0