Archive for October, 2021

CVE-2020-36380

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Source: NIST
CVE-2020-36380

CVE-2020-36381

An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Source: NIST
CVE-2020-36381

CVE-2020-36378

An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Source: NIST
CVE-2020-36378

CVE-2020-36379

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Source: NIST
CVE-2020-36379

CVE-2020-36376

An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Source: NIST
CVE-2020-36376

CVE-2020-36377

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Source: NIST
CVE-2020-36377

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.
Source: NIST
CVE-2020-26707

CVE-2020-26705

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.
Source: NIST
CVE-2020-26705

CVE-2021-33259

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users’ DNS query history.
Source: NIST
CVE-2021-33259

CVE-2020-25912

A XML External Entity (XXE) vulnerability was discovered in symphonylibtoolkitclass.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
Source: NIST
CVE-2020-25912