CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-20167

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：41 | 回复：0
CVE-2022-20168

Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：70 | 回复：0
CVE-2022-20169

Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：42 | 回复：0
CVE-2022-20170

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：37 | 回复：0
CVE-2022-20171

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：33 | 回复：0
CVE-2022-20172

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：21 | 回复：0
CVE-2022-20173

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：26 | 回复：0
CVE-2022-20174

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：31 | 回复：0
CVE-2022-20175

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：22 | 回复：0
CVE-2022-20176

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：21 | 回复：0
CVE-2022-20177

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：21 | 回复：0
CVE-2022-20178

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：20 | 回复：0
CVE-2022-20179

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：17 | 回复：0
CVE-2022-20181

Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：18 | 回复：0
CVE-2022-20182

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：17 | 回复：0
CVE-2022-20183

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：16 | 回复：0
CVE-2022-20184

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：13 | 回复：0
CVE-2022-20185

In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：15 | 回复：0
CVE-2022-30917

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-30918

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：16 | 回复：0
CVE-2022-30919

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-30920

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：17 | 回复：0
CVE-2022-30921

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-30922

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-30923

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-30924

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-30925

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-30926

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2020-14125

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2021-36710

ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：15 | 回复：0
CVE-2022-24296

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：14 | 回复：0
CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：16 | 回复：0
CVE-2022-28383

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0
CVE-2022-28384

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauth ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：11 | 回复：0
CVE-2022-28385

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：12 | 回复：0
CVE-2022-28387

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：10 | 回复：0
CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：17 | 回复：0
CVE-2022-31325

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：17 | 回复：0
CVE-2022-32273

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：17 | 回复：0
CVE-2022-28386

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as speci ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:04 | 阅读：13 | 回复：0