• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
OGeek|极客世界-中国程序员成长平台 门户 漏洞CVE漏洞

CVE漏洞

RSS
  • CVE-2021-33627
    CVE-2021-33627
    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:78 | 回复:0
  • CVE-2021-41837
    CVE-2021-41837
    An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer current_ptr to read or write or manipulate data in ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:70 | 回复:0
  • CVE-2021-41838
    CVE-2021-41838
    An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer ptr to read or write or manipulate data in the SMR ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:74 | 回复:0
  • CVE-2021-41839
    CVE-2021-41839
    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be us ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:83 | 回复:0
  • CVE-2021-41840
    CVE-2021-41840
    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:85 | 回复:0
  • CVE-2021-41841
    CVE-2021-41841
    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIM ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:81 | 回复:0
  • CVE-2021-42059
    CVE-2021-42059
    Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:75 | 回复:0
  • CVE-2021-42060
    CVE-2021-42060
    SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:99 | 回复:0
  • CVE-2021-42113
    CVE-2021-42113
    SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:96 | 回复:0
  • CVE-2021-42554
    CVE-2021-42554
    SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:84 | 回复:0
  • CVE-2021-43323
    CVE-2021-43323
    An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:86 | 回复:0
  • CVE-2021-43615
    CVE-2021-43615
    SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:81 | 回复:0
  • CVE-2022-22818
    CVE-2022-22818
    The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:77 | 回复:0
  • CVE-2022-23833
    CVE-2022-23833
    An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:96 | 回复:0
  • CVE-2022-24030
    CVE-2022-24030
    SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:121 | 回复:0
  • CVE-2022-24031
    CVE-2022-24031
    An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploit ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:114 | 回复:0
  • CVE-2022-23357
    CVE-2022-23357
    mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:92 | 回复:0
  • CVE-2022-23871
    CVE-2022-23871
    Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inste ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:102 | 回复:0
  • CVE-2022-23873
    CVE-2022-23873
    Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:93 | 回复:0
  • CVE-2022-24121
    CVE-2022-24121
    SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:89 | 回复:0
  • CVE-2022-21726
    CVE-2022-21726
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:104 | 回复:0
  • CVE-2022-21727
    CVE-2022-21727
    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the defa ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:91 | 回复:0
  • CVE-2022-21728
    CVE-2022-21728
    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:110 | 回复:0
  • CVE-2022-21730
    CVE-2022-21730
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from out ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:111 | 回复:0
  • CVE-2022-21731
    CVE-2022-21731
    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusio ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:82 | 回复:0
  • CVE-2022-21732
    CVE-2022-21732
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the ` ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:103 | 回复:0
  • CVE-2022-21733
    CVE-2022-21733
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:79 | 回复:0
  • CVE-2022-21736
    CVE-2022-21736
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` v ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:89 | 回复:0
  • CVE-2022-23567
    CVE-2022-23567
    Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based d ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:90 | 回复:0
  • CVE-2022-23568
    CVE-2022-23568
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `Tenso ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:93 | 回复:0
  • CVE-2022-21725
    CVE-2022-21725
    Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:82 | 回复:0
  • CVE-2022-21729
    CVE-2022-21729
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorF ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:84 | 回复:0
  • CVE-2022-21734
    CVE-2022-21734
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:110 | 回复:0
  • CVE-2022-21735
    CVE-2022-21735
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:96 | 回复:0
  • CVE-2022-23569
    CVE-2022-23569
    Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to T ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:93 | 回复:0
  • CVE-2021-44866
    CVE-2021-44866
    An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:105 | 回复:0
  • CVE-2022-21737
    CVE-2022-21737
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `C ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:105 | 回复:0
  • CVE-2022-21738
    CVE-2022-21738
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:110 | 回复:0
  • CVE-2022-21739
    CVE-2022-21739
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:102 | 回复:0
  • CVE-2022-21740
    CVE-2022-21740
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also ch ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:121 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap