CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-30318

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industria ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2021-30322

Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consum ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：12 | 回复：0
CVE-2021-30323

Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2021-30324

Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Sn ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2021-30325

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2021-30326

Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2021-35068

Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：17 | 回复：0
CVE-2021-35069

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2021-35074

Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdrago ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：22 | 回复：0
CVE-2021-35075

Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2021-35077

Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Sna ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2021-44521

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is poss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2021-46355

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2022-0560

Open Redirect in Packagist microweber/microweber prior to 1.2.11.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：25 | 回复：0
CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：28 | 回复：0
CVE-2021-38679

An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：34 | 回复：0
CVE-2021-45402

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain poten ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：47 | 回复：0
CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：32 | 回复：0
CVE-2020-13669

Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：29 | 回复：0
CVE-2020-13670

Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：29 | 回复：0
CVE-2020-13672

Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：26 | 回复：0
CVE-2020-13673

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is acc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2020-13674

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2020-13675

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2020-13676

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：28 | 回复：0
CVE-2020-13677

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：24 | 回复：0
CVE-2020-36062

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：26 | 回复：0
CVE-2021-42940

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：29 | 回复：0
CVE-2021-45385

A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：42 | 回复：0
CVE-2021-23597

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://se ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：52 | 回复：0
CVE-2021-45386

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：36 | 回复：0
CVE-2021-45387

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：38 | 回复：0
CVE-2020-14521

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, mo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：39 | 回复：0
CVE-2020-14523

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：26 | 回复：0
CVE-2021-0524

In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2021-22748

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：20 | 回复：0
CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：19 | 回复：0
CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：22 | 回复：0
CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modico ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0