CVE-2021-32820 File disclosure in Express Handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32817 File disclosure in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
PT-2021-19954 · Unknown · Express-Handlebars
Name of the Vulnerable Software and Affected Versions: Express-handlebars affected versions not specified Description: The layout parameter in Express-handlebars may trigger file disclosure vulnerabilities in downstream applications, allowing inclusion of files with existing extensions. Files...
handlebars Code Injection Vulnerability
handlebars is a semanticized web template system. A code injection vulnerability exists in Express-handlebars, where a layout parameter may trigger a file disclosure vulnerability in a downstream application...
CVE-2021-27386
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...
CVE-2021-27384
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...
CVE-2021-27385
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...
Siemens SIMATIC WinCC Buffer Error Vulnerability
Siemens SmartVNC is an industrial control device from Siemens, Germany. Provides a smartserver function to access the HMI. Siemens SmartVNC has a heap allocation disclosure vulnerability in the client device layout handler that can be exploited by an attacker to cause a denial of service conditio...
Liferay Enterprise Portal Cross-Site Scripting Vulnerability
Liferay Enterprise Portal is an application system from Liferay USA. It provides a showcase for e-commerce functionality. A cross-site scripting vulnerability exists in Liferay Enterprise Portal. The vulnerability stems from insufficient handling of user-supplied data in the administration page o...
[SECURITY] Fedora 33 Update: pngcheck-2.4.0-8.fc33
pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs (checksums) and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statisti...
Nvidia vGPU Software Information Disclosure Vulnerability
Nvidia vGPU Software is a management software from Nvidia USA for providing GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. An information disclosure...
Apple iOS Security Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS, where a malicious application may be able to determine the kernel memory layout. The following products and versions are affected: iPhone 6s and later, iPad Pro all models,...
Security update for irssi (moderate)
openSUSE Security Update: Security update for irssi Announcement ID: openSUSE-SU-2021:0595-1 Rating: moderate References: 1184848 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for irssi fixes the following...
OPENSUSE-SU-2021:0587-1 Security update for irssi
This update for irssi fixes the following issues: irssi was updated to 1.2.3 boo1184848 - Fix the compilation of utf8proc 1021 - Fix wrong call to free. By Zero King 1076 - Fix a colour reset in true colour themes when encountering mIRC colours 1059 - Fix memory leak on malformed CAP requests 112...
CVE-2021-26031
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI...
CVE-2021-27990
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities...
PT-2021-16924 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.25 Description: An issue was discovered in Joomla where inadequate filters on module layout settings could lead to a Local File Inclusion LFI. Recommendations: For Joomla! versions 3.0.0 through 3.9.25, upda...