CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0562

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-22291

Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-22292

Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-23425

Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-23426

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-23427

PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-23428

An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-23429

An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-23431

An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-23432

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-23433

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-23434

A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-23707

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index patter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-23853

The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-23994

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permiss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：15 | 回复：0
CVE-2022-23995

Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permiss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：28 | 回复：0
CVE-2022-23996

Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：31 | 回复：0
CVE-2022-23997

Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a prope ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：28 | 回复：0
CVE-2022-23998

Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：22 | 回复：0
CVE-2022-23999

PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：13 | 回复：0
CVE-2022-24000

PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via impl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-24001

Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-24002

Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-24003

Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：10 | 回复：0
CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：8 | 回复：0
CVE-2022-24924

An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-24925

Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：9 | 回复：0
CVE-2022-24926

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：11 | 回复：0
CVE-2022-24927

Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：12 | 回复：0
CVE-2020-26728

A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：12 | 回复：0
CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2021-20001

It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which cou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2021-23555

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arb ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2022-24975

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the GitBleed issue. This could present a security risk if information-disclosure auditing pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：14 | 回复：0
CVE-2021-46361

An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：23 | 回复：0
CVE-2021-46362

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload ent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：36 | 回复：0
CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：45 | 回复：0
CVE-2021-46364

A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：29 | 回复：0
CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：42 | 回复：0
CVE-2021-46366

An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:29 | 阅读：35 | 回复：0