漏洞 - 第89页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-39748

In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-39747

In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-39746

In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-39745

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-39744

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-39743

In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-39742

In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges need ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-39741

In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-39740

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-39739

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-23851

A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-23850

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-1033

In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-1000

In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no addi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：44 | 回复：0
CVE漏洞

CVE-2020-35501

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-25620

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-25619

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：72 | 回复：0
CVE漏洞

CVE-2022-24131

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：68 | 回复：0
CVE漏洞

CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-1179

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-1154

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-23868

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：114 | 回复：0
CVE漏洞

CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：216 | 回复：0
CVE漏洞

CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：73 | 回复：0
CVE漏洞

CVE-2022-1172

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-28209

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-28206

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-1163

Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-24693

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The cre ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：66 | 回复：0
CVE漏洞

CVE-2020-24771

Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：66 | 回复：0
CVE漏洞

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-24769

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-27815

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：51 | 回复：0