CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：92 | 回复：0
CVE-2020-36376

An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：71 | 回复：0
CVE-2020-36377

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：70 | 回复：0
CVE-2020-36378

An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：70 | 回复：0
CVE-2020-36379

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：76 | 回复：0
CVE-2020-36380

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：81 | 回复：0
CVE-2020-36381

An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：77 | 回复：0
CVE-2021-20838

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：59 | 回复：0
CVE-2021-20839

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：72 | 回复：0
CVE-2021-41313

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /sec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:17 | 阅读：55 | 回复：0
CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：57 | 回复：0
CVE-2021-21319

Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscripti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：66 | 回复：0
CVE-2021-34854

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-priv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：41 | 回复：0
CVE-2021-34856

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：52 | 回复：0
CVE-2021-34857

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged cod ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：65 | 回复：0
CVE-2021-34859

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target mu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：60 | 回复：0
CVE-2021-34860

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：56 | 回复：0
CVE-2021-34861

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：71 | 回复：0
CVE-2021-34862

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：42 | 回复：0
CVE-2021-34863

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2021-34864

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：37 | 回复：0
CVE-2021-41176

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：51 | 回复：0
CVE-2021-39220

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：41 | 回复：0
CVE-2021-39221

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2021-38258

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：46 | 回复：0
CVE-2021-38260

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：43 | 回复：0
CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could r ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：41 | 回复：0
CVE-2021-39224

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：44 | 回复：0
CVE-2021-39225

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：53 | 回复：0
CVE-2021-41105

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRT ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：39 | 回复：0
CVE-2021-41145

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：44 | 回复：0
CVE-2021-41177

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any com ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：72 | 回复：0
CVE-2021-41178

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images fr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：43 | 回复：0
CVE-2021-41179

Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as pu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：38 | 回复：0
CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/I ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：37 | 回复：0
CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：67 | 回复：0
CVE-2021-41307

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (ID ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：66 | 回复：0