78 matches found
XXL-JOB 跨站脚本漏洞
XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...
PT-2022-16867
Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.3.0 Description The issue concerns the RSA PKCS1 v1.5 signature verification code in node-forge, which is lenient in checking the digest algorithm structure. This leniency can allow a crafted structure to steal...
McAfee Drive Encryption 安全漏洞
Mcafee McAfee Drive Encryption is a full-disk encryption software from McAfee, Inc. that helps protect data on Microsoft Windows tablets, laptops, and desktop PCs against loss of sensitive data, especially loss due to device loss or theft. A security vulnerability exists in the Windows system...
CVE-2021-38710
Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...
Thycotic Password Reset Server 信息泄露漏洞
Thycotic Password Reset Server is a password reset server from Thycotic, U.S.A. A security vulnerability exists in versions of Thycotic Password Reset Server prior to 5.3.0, which stems from the password reset server allowing credentials to be exposed. An attacker could exploit the vulnerability ...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection. It used to call Kernelopen to open a local file. If a Ruby project hasa file whose name starts with | and ends with tags, the command followingthe pipe character is executed. A malicious Ruby project could exploit it...
deep-floorplan (=0.0.0) potentially affected by CVE-2020-15210 via tensorflow-gpu (=2.3.0)
tensorflow-gpu PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - deep-floorplan =0.0.0 Source cves: CVE-2020-15210 Source advisory: OSV:PYSEC-2020-325...
IBM Elastic Storage Server Spectrum Scale Denial of Service Vulnerability (CNVD-2020-52392)
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...
Zephyr Code Execution Vulnerability (CNVD-2020-35962)
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in the MQTT packet length decoder in Zephyr 2.2.0 and later versions fixed in version 2.3.0. An attacker could exploit this vulnerability to cause memory corruption and...
Unspecified vulnerability in CrushFTP (CNVD-2020-03729)
CrushFTP is a file transfer server. A security vulnerability exists in CrushFTP 8.3.0 and earlier versions that can be exploited by attackers to steal credentials...
CVE-2019-4130
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280...
Pegasystem PEGA Platform Information Disclosure Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. An information disclosure vulnerabili...
RANGER Studio Directus Information Disclosure Vulnerability
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. An information disclosure vulnerability exists in RANGER Studio...
Unspecified Vulnerability in inversoft prime-jwt
inversoft prime-jwt is an open source Java 8-based JWT library . A security vulnerability exists in JWTDecoder.decode in versions prior to inversoft prime-jwt 1.3.0 and commit 0d94dcef0133d699f21d217e922564adbb83a227. No details of the vulnerability are provided at this time...
libzip '_zip_read_eocd64' function denial of service vulnerability
libzip is a C library for reading, creating and modifying zip archives developed by software developers Dieter Baron and Thomas Klausner. A security vulnerability exists in the 'zipreadeocd64' function of the zipopen.c file in versions of libzip prior to 1.3.0. A remote attacker can exploit this...
WordPress PressForward plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.PressForward plugin is one of the workflow editing plugin. A cross-site scripting vulnerability exists in the...
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability
Cisco ACE 4710 Application Control Engine is the United States Cisco Cisco a set of ACE application switch series and used to increase the security and stability of data center applications load balancing and application delivery solutions. A command injection vulnerability exists in the Cisco AC...
PT-2014-2216 · Iproute2 · Iproute2
Name of the Vulnerable Software and Affected Versions: iproute2 versions prior to 3.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by certain scripts. This can be exploited through the configure script or the...