漏洞 - 第919页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-20286

A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-29556

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：51 | 回复：0
CVE漏洞

CVE-2020-29555

The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-28149

myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-24985

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retriev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：51 | 回复：0
CVE漏洞

CVE-2020-24982

An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-27889

Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-27817

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-27695

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any Add sections, such as Add Card Building Floor, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:48 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-11296

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-11287

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-11286

An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface endpoint are made together. in Snapd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-11283

A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-11282

Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapd ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-11281

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-11280

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-11278

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：20 | 回复：0
CVE漏洞

CVE-2020-11277

Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-11276

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-11275

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-11272

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-11271

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：21 | 回复：0
CVE漏洞

CVE-2020-11270

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：46 | 回复：0
CVE漏洞

CVE-2020-11269

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer El ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：28 | 回复：0
CVE漏洞

CVE-2020-11253

Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-11223

Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdrag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-11203

Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Ind ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-11198

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sn ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-11194

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon C ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-11187

Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：89 | 回复：0
CVE漏洞

CVE-2020-11177

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-11170

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：19 | 回复：0
CVE漏洞

CVE-2020-11163

Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdrago ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-11147

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-21269

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：47 | 回复：0
CVE漏洞

CVE-2020-28483

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-28452

This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-h ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：34 | 回复：0