Crypto 漏洞列表

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

Android on Nexus 5X等是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套运行于Nexus 5X等（智能设备）中并以Linux为基础的开源操作系统。Qualcomm crypto driver是其中的一个Qualcomm加密驱动程序。 Android中的Qualcomm crypto驱动程序中存在远程代码执行漏洞。攻击者可利用该漏洞在内核上下文中执行任意代码，也可能造成拒绝服务。以下产品受到影响：Nexus 5X，6，6P,Android One，Pixel，Pixel XL。