
Vulnerabilities


Subcategories:

  • CVE-2021-0439
    In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege w ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 18 | Replies: 0
  • CVE-2021-0438
    In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escal ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 17 | Replies: 0
  • CVE-2021-0437
    In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User intera ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
  • CVE-2021-0436
    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges ne ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 10 | Replies: 0
  • CVE-2021-0435
    In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges ne ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
  • CVE-2021-0433
    In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of pri ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 41 | Replies: 0
  • CVE-2021-0432
    In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 17 | Replies: 0
  • CVE-2021-0431
    In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 25 | Replies: 0
  • CVE-2021-0430
    In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional exe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2021-0429
    In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 17 | Replies: 0
  • CVE-2021-0428
    In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User exec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 22 | Replies: 0
  • CVE-2021-0427
    In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution p ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 13 | Replies: 0
  • CVE-2021-0426
    In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 25 | Replies: 0
  • CVE-2021-0400
    In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 21 | Replies: 0
  • CVE-2020-28590
    An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-29999
    An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 5 | Replies: 0
  • CVE-2021-29998
    An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
  • CVE-2021-29997
    An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 9 | Replies: 0
  • CVE-2021-28973
    The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE at ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 9 | Replies: 0
  • CVE-2021-21731
    A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The att ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 8 | Replies: 0
  • CVE-2021-21730
    A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 22 | Replies: 0
  • CVE-2021-21729
    Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 5 | Replies: 0
  • CVE-2020-27236
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 23 | Replies: 0
  • CVE-2020-27235
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 24 | Replies: 0
  • CVE-2020-27234
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2020-27233
    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
  • CVE-2020-27228
    An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 14 | Replies: 0
  • CVE-2020-27227
    An exploitable unauthenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 10 | Replies: 0
  • CVE-2020-13568
    SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_grou ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 7 | Replies: 0
  • CVE-2020-13566
    SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_gro ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 17 | Replies: 0
  • CVE-2021-30176
    The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 14 | Replies: 0
  • CVE-2021-30175
    ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-28421
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21417. Reason: This candidate is a duplicate of CVE-2021-21417. Notes: All CVE users should reference CVE-2021-21417 instead of this ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
  • CVE-2021-22505
    Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and ex ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-28647
    Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 11 | Replies: 0
  • CVE-2021-28646
    An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 9 | Replies: 0
  • CVE-2021-28645
    An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Ple ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 16 | Replies: 0
  • CVE-2021-25253
    An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate pri ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 13 | Replies: 0
  • CVE-2021-25250
    An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on aff ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 12 | Replies: 0
  • CVE-2021-29943
    When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client cr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:32 | Views: 15 | Replies: 0
