Latest Vulnerabilities
Vulnerability ID | Description | Vendor | Date
CVE-2017-20004
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.

MITRE Corporation | 2021-04-14
CVE-2018-25008
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can lead to memory safety issues through race conditions.

MITRE Corporation | 2021-04-14
CVE-2019-10881
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 include two accounts with weak hard-coded passwords that cannot be disabled and can be exploited to allow unauthorized access.

Airbus | 2021-04-14
CVE-2020-13566
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection.

Talos | 2021-04-14
CVE-2020-13568
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.

Talos | 2021-04-14
CVE-2020-27227
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with specific parameters to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system.

Talos | 2021-04-14
CVE-2020-27228
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.

Talos | 2021-04-14
CVE-2020-27233
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Talos | 2021-04-14
CVE-2020-27234
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Talos | 2021-04-14
CVE-2020-27235
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Talos | 2021-04-14
CVE-2020-27236
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Talos | 2021-04-14
CVE-2020-28590
An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Talos | 2021-04-14
CVE-2020-36322
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

MITRE Corporation | 2021-04-14
CVE-2020-36323
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

MITRE Corporation | 2021-04-14
CVE-2020-8358
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8359
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8360
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8361
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8362
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8363
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8364
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8365
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8366
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8367
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8368
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8369
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8370
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8371
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8372
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8373
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8374
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8375
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8376
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8377
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8378
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8379
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8380
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8381
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8382
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8383
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8384
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8385
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8386
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8387
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8388
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8389
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8390
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8391
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8392
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8393
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8394
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8395
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8396
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8397
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8398
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8399
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8400
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8401
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8402
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8403
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8404
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8405
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8406
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8407
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8408
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8409
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8410
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8411
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8412
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8413
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8414
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2020-8415
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Lenovo Group Ltd. | 2021-04-14
CVE-2021-0400
In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11. Android ID: A-177561690

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0426
In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174485572

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0427
In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174488848

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0428
In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-173421434

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0429
In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-175074139

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0430
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-178725766

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0431
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-174149901

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0432
In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173552790

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0433
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171221090

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0435
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-174150451

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0436
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-176496160

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0437
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-176168330

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0438
In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10. Android ID: A-152064592

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0439
In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174243830

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0442
In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174768985

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0443
In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-170474245

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0444
In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-178825358

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0445
In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9. Android ID: A-172322502

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0446
In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172252122

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0468
In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-180427272

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-0471
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-176444786

Android (associated with Google Inc. or Open Handset Alliance) | 2021-04-14
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and workaround guidance see the referenced GitHub security advisory.

GitHub (maintainer security advisories) | 2021-04-14
CVE-2021-21482
SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.

SAP SE | 2021-04-14
CVE-2021-21483
Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application.

SAP SE | 2021-04-14
CVE-2021-21485
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.

SAP SE | 2021-04-14
CVE-2021-21492
SAP NetWeaver Application Server Java (HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.

SAP SE | 2021-04-14
CVE-2021-21729
Some ZTE products have a CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

ZTE Corporation | 2021-04-14
CVE-2021-21730
A ZTE product is impacted by an improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6

ZTE Corporation | 2021-04-14
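Vulnerability ID | Vulnerability link | Date
CNVD-2021-28261 | Remote Clinic cross-site scripting vulnerability (CNVD-2021-28261) | 2021-04-14
CNVD-2021-28263 | Remote Clinic cross-site scripting vulnerability (CNVD-2021-28263) | 2021-04-14
CNVD-2021-28262 | Remote Clinic cross-site scripting vulnerability (CNVD-2021-28262) | 2021-04-14
CNVD-2021-28264 | Remote Clinic cross-site scripting vulnerability (CNVD-2021-28264) | 2021-04-14
CNVD-2021-28265 | Remote Clinic cross-site scripting vulnerability | 2021-04-14
CNVD-2021-28266 | Eclipse Vertx-web cross-site request forgery vulnerability | 2021-04-14
CNVD-2021-28267 | Pegasystem Pega Platform cross-site scripting vulnerability (CNVD-2021-28267) | 2021-04-14
CNVD-2021-28268 | Eclipse Jetty HTTP request smuggling vulnerability | 2021-04-14
CNVD-2021-28269 | Eclipse Jetty information disclosure vulnerability (CNVD-2021-28269) | 2021-04-14
CNVD-2021-28270 | jQuery cross-site scripting vulnerability (CNVD-2021-28270) | 2021-04-14
CNVD-2021-28271 | Readdle Documents app authorization control vulnerability | 2021-04-14
CNVD-2021-28272 | imlib2 integer overflow vulnerability (CNVD-2021-28272) | 2021-04-14
CNVD-2021-28273 | json-c integer overflow and out-of-bounds write vulnerability | 2021-04-14
CNVD-2021-28274 | Java-WebSocket trust management issue vulnerability | 2021-04-14
CNVD-2021-28252 | MediaWiki permissions and access control issue vulnerability | 2021-04-14
CNVD-2021-27989 | Google Chrome remote code execution vulnerability (CNVD-2021-27989) | 2021-04-14
CNVD-2021-28253 | ASUS GPUTweak II buffer overflow vulnerability (CNVD-2021-28253) | 2021-04-14
CNVD-2021-28254 | ASUS GPUTweak II buffer overflow vulnerability | 2021-04-14
CNVD-2021-28255 | Cisco Unified Communications Manager SQL injection vulnerability (CNVD-2021-28255) | 2021-04-14
CNVD-2021-28256 | WCMS cross-site scripting vulnerability (CNVD-2021-28256) | 2021-04-14
CNVD-2021-28257 | WCMS directory traversal vulnerability (CNVD-2021-28257) | 2021-04-14
CNVD-2021-28258 | WCMS directory traversal vulnerability | 2021-04-14
CNVD-2021-28259 | WCMS cross-site scripting vulnerability | 2021-04-14
CNVD-2021-28260 | WCMS server-side request forgery vulnerability | 2021-04-14
CNVD-2021-16864 | 狂雨小说cms command execution vulnerability | 2021-04-14
CNVD-2021-16865 | otter4 management system weak password vulnerability | 2021-04-14
CNVD-2021-16866 | 鱼塘处CP APP information disclosure vulnerability | 2021-04-14
CNVD-2021-16868 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16868) | 2021-04-14
CNVD-2021-16870 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16870) | 2021-04-14
CNVD-2021-16871 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16871) | 2021-04-14
CNVD-2021-16872 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16872) | 2021-04-14
CNVD-2021-16873 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16873) | 2021-04-14
CNVD-2021-16874 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16874) | 2021-04-14
CNVD-2021-16875 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16875) | 2021-04-14
CNVD-2021-16879 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16879) | 2021-04-14
CNVD-2021-16880 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16880) | 2021-04-14
CNVD-2021-16881 | 上海装盟信息科技有限公司 home decoration ERP management system SQL injection vulnerability (CNVD-2021-16881) | 2021-04-14
CNVD-2021-16883 | 金微手机商城 SQL injection vulnerability (CNVD-2021-16883) | 2021-04-14
CNVD-2021-16884 | ZengCMS arbitrary file deletion vulnerability | 2021-04-14
CNVD-2021-28000 | Cisco Catalyst 9800 Series Wireless Controllers IOS XE Software resource management error vulnerability | 2021-04-14
CNVD-2021-28002 | Centreon host-monitoring widget, service-monitoring widget and tactical-overview widget cross-site scripting vulnerability (CNVD-2021-28002) | 2021-04-14
CNVD-2021-28003 | Centreon host-monitoring widget, service-monitoring widget and tactical-overview widget cross-site scripting vulnerability (CNVD-2021-28003) | 2021-04-14
CNVD-2021-28004 | Centreon host-monitoring widget, service-monitoring widget and tactical-overview widget cross-site scripting vulnerability | 2021-04-14
CNVD-2021-28005 | Linux kernel data forgery issue vulnerability | 2021-04-14
CNVD-2021-28006 | SchedMD Slurm authentication bypass vulnerability | 2021-04-14
CNVD-2021-28007 | Android Airbrush privilege escalation vulnerability | 2021-04-14
CNVD-2021-28008 | Nextcloud Server cross-site scripting vulnerability (CNVD-2021-28008) | 2021-04-14
CNVD-2021-28009 | Multiple WSO2 products code issue vulnerability | 2021-04-14
CNVD-2021-28010 | Multiple TP-Link products trust management issue vulnerability | 2021-04-14
CNVD-2021-28035 | Multiple NETGEAR products cross-site scripting vulnerability (CNVD-2021-28035) | 2021-04-14
CNVD-2021-28011 | Multiple NETGEAR products cross-site request forgery vulnerability (CNVD-2021-28011) | 2021-04-14
CNVD-2021-28012 | NETGEAR ReadyNAS Surveillance privilege escalation vulnerability | 2021-04-14
CNVD-2021-28013 | NETGEAR ReadyNAS Surveillance cross-site request forgery vulnerability | 2021-04-14
CNVD-2021-28014 | Multiple NETGEAR products cross-site scripting vulnerability (CNVD-2021-28014) | 2021-04-14
CNVD-2021-28036 | Multiple NETGEAR products denial-of-service vulnerability (CNVD-2021-28036) | 2021-04-14
CNVD-2021-28037 | NETGEAR XR500 authorization issue vulnerability | 2021-04-14
CNVD-2021-28038 | Multiple NETGEAR products authorization issue vulnerability (CNVD-2021-28038) | 2021-04-14
CNVD-2021-27990 | Parrot ANAFI unspecified vulnerability (CNVD-2021-27990) | 2021-04-14
CNVD-2021-27991 | Parrot ANAFI unspecified vulnerability | 2021-04-14
CNVD-2021-27992 | bitcoind and Bitcoin-Qt unspecified vulnerability (CNVD-2021-27992) | 2021-04-14
CNVD-2021-27993 | bitcoind and Bitcoin-Qt buffer overflow vulnerability | 2021-04-14
CNVD-2021-27994 | bitcoind and Bitcoin-Qt unspecified vulnerability | 2021-04-14
CNVD-2021-27995 | Intel MAX 10 FPGA information disclosure vulnerability | 2021-04-14
CNVD-2021-27996 | Multiple Intel products unspecified vulnerability (CNVD-2021-27996) | 2021-04-14
CNVD-2021-27998 | FATEK Automation WinProladder integer overflow vulnerability | 2021-04-14
CNVD-2021-27715 | Apache Solr unauthorized access vulnerability | 2021-04-13
CNVD-2021-27716 | Apache Solr information disclosure vulnerability | 2021-04-13
CNVD-2021-27717 | Apache Solr server-side request forgery vulnerability | 2021-04-13
CNVD-2021-27920 | Subrion CMS cross-site scripting vulnerability (CNVD-2021-27920) | 2021-04-13
CNVD-2021-27921 | Mark Text cross-site scripting vulnerability (CNVD-2021-27921) | 2021-04-13
CNVD-2021-27922 | Nagios Network Analyzer Self-XSS vulnerability | 2021-04-13
CNVD-2021-27923 | Seafile cross-site scripting vulnerability | 2021-04-13
CNVD-2021-27924 | Mozilla Firefox unspecified vulnerability (CNVD-2021-27924) | 2021-04-13
CNVD-2021-27925 | Mozilla Firefox unspecified vulnerability (CNVD-2021-27925) | 2021-04-13
CNVD-2021-27926 | Mozilla Firefox denial-of-service vulnerability (CNVD-2021-27926) | 2021-04-13
CNVD-2021-27927 | WonderLink Yomi-Search cross-site scripting vulnerability | 2021-04-13
CNVD-2021-27928 | Micro Focus Access Manager Appliance authorization issue vulnerability | 2021-04-13
CNVD-2021-27929 | Mozilla Firefox out-of-bounds read vulnerability (CNVD-2021-27929) | 2021-04-13
CNVD-2021-27930 | Netop Vision Pro incorrect authorization vulnerability | 2021-04-13
CNVD-2021-27703 | Mozilla Firefox unspecified vulnerability (CNVD-2021-27703) | 2021-04-13
CNVD-2021-27931 | Activision Infinity Ward Call of Duty Modern Warfare 2 buffer overflow vulnerability | 2021-04-13
CNVD-2021-27718 | NVIDIA Virtual GPU Manager vGPU buffer overflow vulnerability (CNVD-2021-27718) | 2021-04-13
CNVD-2021-27719 | NVIDIA Virtual GPU Manager vGPU race condition issue vulnerability | 2021-04-13
CNVD-2021-27720 | NVIDIA Virtual GPU Manager vGPU input validation error vulnerability (CNVD-2021-27720) | 2021-04-13
CNVD-2021-27721 | NVIDIA Virtual GPU Manager vGPU buffer overflow vulnerability | 2021-04-13
CNVD-2021-27722 | NVIDIA Virtual GPU Manager vGPU unspecified vulnerability | 2021-04-13
CNVD-2021-27932 | Capsoft Reportexpress ProPlus remote code execution vulnerability | 2021-04-13
CNVD-2021-27723 | NVIDIA Virtual GPU Manager and guest drivers vGPU input validation error vulnerability | 2021-04-13
CNVD-2021-27933 | e-Tax Reception System Chrome Extension injection vulnerability | 2021-04-13
CNVD-2021-27724 | NVIDIA Windows GPU Display Driver NVIDIA Control Panel unspecified vulnerability | 2021-04-13
CNVD-2021-27725 | NVIDIA Windows GPU Display Driver unspecified vulnerability (CNVD-2021-27725) | 2021-04-13
CNVD-2021-27726 | NVIDIA Windows GPU Display Driver unspecified vulnerability | 2021-04-13
CNVD-2021-27727 | NVIDIA Windows GPU Display Driver buffer overflow vulnerability (CNVD-2021-27727) | 2021-04-13
CNVD-2021-27728 | NVIDIA Windows GPU Display Driver code issue vulnerability (CNVD-2021-27728) | 2021-04-13
CNVD-2021-27934 | Bitdefender Total Security input validation error vulnerability | 2021-04-13
CNVD-2021-27935 | GitLab gitlab-vscode-extension injection vulnerability | 2021-04-13
CNVD-2021-27936 | OpenBMC phosphor-host-ipmid privilege escalation vulnerability | 2021-04-13
CNVD-2021-27937 | Morgan Stanley Hobbes out-of-bounds read/write vulnerability | 2021-04-13
CNVD-2021-27704 | Microsoft Windows Modules Installer Service privilege escalation vulnerability | 2021-04-13
CNVD-2021-27705 | Microsoft Windows Background Intelligent Transfer Service privilege escalation vulnerability | 2021-04-13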