• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2022-20218
    CVE-2022-20218
    In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no add ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1056 | 回复:0
  • CVE-2022-20219
    CVE-2022-20219
    In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead t ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:688 | 回复:0
  • CVE-2022-20220
    CVE-2022-20220
    In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User i ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:975 | 回复:0
  • CVE-2022-20221
    CVE-2022-20221
    In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additi ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1083 | 回复:0
  • CVE-2022-20222
    CVE-2022-20222
    In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User i ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:696 | 回复:0
  • CVE-2022-20223
    CVE-2022-20223
    In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of p ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:701 | 回复:0
  • CVE-2022-20224
    CVE-2022-20224
    In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additio ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:613 | 回复:0
  • CVE-2022-20225
    CVE-2022-20225
    In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:610 | 回复:0
  • CVE-2022-20226
    CVE-2022-20226
    In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges ne ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:930 | 回复:0
  • CVE-2022-20227
    CVE-2022-20227
    In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not need ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:626 | 回复:0
  • CVE-2022-20228
    CVE-2022-20228
    In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges n ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1085 | 回复:0
  • CVE-2022-20229
    CVE-2022-20229
    In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execut ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:873 | 回复:0
  • CVE-2022-20230
    CVE-2022-20230
    In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:709 | 回复:0
  • CVE-2022-20234
    CVE-2022-20234
    In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unpriv ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:694 | 回复:0
  • CVE-2022-20236
    CVE-2022-20236
    A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:682 | 回复:0
  • CVE-2022-20238
    CVE-2022-20238
    'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma-vm_page_prot' can also be controlled by userspace, so userspace ma ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:790 | 回复:0
  • CVE-2022-22982
    CVE-2022-22982
    The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request out ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1060 | 回复:0
  • CVE-2022-2380
    CVE-2022-2380
    The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:900 | 回复:0
  • CVE-2020-21967
    CVE-2020-21967
    File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1022 | 回复:0
  • CVE-2022-32308
    CVE-2022-32308
    Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer proces ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:937 | 回复:0
  • CVE-2022-31145
    CVE-2022-31145
    FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:633 | 回复:0
  • CVE-2022-32114
    CVE-2022-32114
    An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:829 | 回复:0
  • CVE-2022-32117
    CVE-2022-32117
    Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:752 | 回复:0
  • CVE-2022-34753
    CVE-2022-34753
    A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:927 | 回复:0
  • CVE-2022-34754
    CVE-2022-34754
    A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1467 | 回复:0
  • CVE-2022-34756
    CVE-2022-34756
    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Product ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1569 | 回复:0
  • CVE-2022-34757
    CVE-2022-34757
    A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allo ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1040 | 回复:0
  • CVE-2022-34758
    CVE-2022-34758
    A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Ease ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:536 | 回复:0
  • CVE-2022-34759
    CVE-2022-34759
    A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:494 | 回复:0
  • CVE-2022-34760
    CVE-2022-34760
    A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected P ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:974 | 回复:0
  • CVE-2022-34761
    CVE-2022-34761
    A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:564 | 回复:0
  • CVE-2022-34762
    CVE-2022-34762
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are adde ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:917 | 回复:0
  • CVE-2022-34763
    CVE-2022-34763
    A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:528 | 回复:0
  • CVE-2022-34764
    CVE-2022-34764
    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Com ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:553 | 回复:0
  • CVE-2022-34765
    CVE-2022-34765
    A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:2477 | 回复:0
  • CVE-2022-35857
    CVE-2022-35857
    kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:624 | 回复:0
  • CVE-2017-20129
    CVE-2017-20129
    A vulnerability was found in LogoStore. It has been classified as critical. Affected is an unknown function of the file /LogoStore/search.php. The manipulation of the argument query with the input tes ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1144 | 回复:0
  • CVE-2022-25800
    CVE-2022-25800
    Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:685 | 回复:0
  • CVE-2022-25801
    CVE-2022-25801
    Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:665 | 回复:0
  • CVE-2022-25802
    CVE-2022-25802
    Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:15 | 阅读:1186 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap