CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-22796

A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2021-22798

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2021-22800

A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：18 | 回复：0
CVE-2021-22801

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: Co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：16 | 回复：0
CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to mis ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2021-22806

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk ( ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-31932

Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-34235

Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-39616

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2021-39619

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：12 | 回复：0
CVE-2021-39631

In clear_data_dlg_text of strings.xml, there is a possible situation when Clear storage functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to lo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-39635

ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller's permissions?so that normal apps (No phone permissions) can obtain some VoLTE sensitive ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-39658

ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-part ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-39662

In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39663

In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39664

In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39665

In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39666

In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges neede ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39668

In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39669

In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39671

In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges nee ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39672

In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39674

In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User inte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39675

In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39676

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no ad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39677

In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39687

In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-39688

In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2021-44111

A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-4035

A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2021-4046

The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivile ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-0382

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-0483

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-0561

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0