漏洞 - 第859页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-20020

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-30480

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-21199

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-21198

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-21197

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-21196

Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-21195

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-21194

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-25381

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-25380

Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-25379

Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-25378

Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-25377

Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-25376

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-25375

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-25374

An improper authorization vulnerability in Samsung Members samsungrewards scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-25373

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-25365

An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-25363

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-25362

An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-25361

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-25360

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-25359

An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-25358

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-25357

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-25356

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-21728

A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-21433

Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server res ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:32 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-21432

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persisten ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-23763

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-23762

Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the titel column on the Eintrage hinzufu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-23761

Cross Site Scripting (XSS) vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the payment gateway column on transactions tab.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-13592

An exploitable SQL injection vulnerability exists in global_lists/choices page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-13591

An exploitable SQL injection vulnerability exists in the access_rules/rules_form page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An at ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-13587

An exploitable SQL injection vulnerability exists in the forms_fields_rules/rules page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges wh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：11 | 回复：0