漏洞 - 第864页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-20689

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-20688

Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-20687

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-20686

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-20685

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：8 | 回复：0
CVE漏洞

CVE-2020-11255

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:31 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-20684

Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-1892

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-11252

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-11251

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0
CVE漏洞

CVE-2020-11247

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-11246

A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-11245

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-11243

RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-11242

User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-11237

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdrag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-11236

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：11 | 回复：0
CVE漏洞

CVE-2020-11234

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-11231

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-11210

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-11191

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-30147

DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-30178

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-36313

An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-36312

An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-36311

An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-36310

An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-27900

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configura ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-27899

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to inter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-22158

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-22157

Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-13422

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-13421

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：23 | 回复：0
CVE漏洞

CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：17 | 回复：0
CVE漏洞

CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-13418

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-25692

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-21404

Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative len ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-21423

`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-type ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:30 | 阅读：6 | 回复：0