
484 matches found

ATTACKERKB
added 2021/01/29 12:0 a.m. | 99 views

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

9 CVSS | 0.1 AI score | 0.99217 EPSS
Exploits 7 | References 17

Hacker One
added 2021/01/19 9:18 p.m. | 7 views

ImpressCMS: Arbitrary File Deletion via Path Traversal in image-edit.php

Summary: The vulnerability is located in the /libraries/image-editor/image-edit.php script: 161. if @copy ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp, $categpath . $simage-getVar 'imagename' 162. if @unlink ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp 163. $msg = MDAMDBUPDATED; ... 190. el...

1 AI score
Exploits 0

Veracode
added 2020/11/10 3:43 a.m. | 31 views

Remote Code Execution

moin is vulnerable to remote code execution. An attacker with write permissions is able to upload and execute malicious code via the normal wiki attachment upload functionality in the context of the server process worker by using the vulnerable MoinMoin cache action...

9.8 CVSS | 4.9 AI score | 0.06121 EPSS
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2020/09/21 6:39 a.m. | 20 views

Denial Of Service (DoS)

subversion:xenial is vulnerable to denial of service (DoS). Apache Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

6.5 CVSS | 4.4 AI score | 0.02422 EPSS
Exploits 0 | References 1 | Affected Software 3

Zero Day Initiative
added 2020/07/16 12:0 a.m. | 51 views

Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft.PerformancePoint.Scorecards.Client...

8.8 CVSS | 3.2 AI score | 0.20265 EPSS
Exploits 0 | References 1

Cvelist
added 2020/06/03 5:56 p.m. | 21 views

CVE-2020-3353 Cisco Identity Services Engine Denial of Service Vulnerability

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

5.9 CVSS | 5.8 AI score | 0.0076 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/05/12 12:0 a.m. | 45 views

Microsoft SharePoint Shared Forms Incomplete Blacklist Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of shared forms. It is possible to invoke a shared form in a way that allo...

8.8 CVSS | 3.8 AI score | 0.15134 EPSS
Exploits 0 | References 1

Check Point Advisories
added 2020/04/19 12:0 a.m. | 3 views

Centreon Command Injection (CVE-2020-9463)

A command injection vulnerability exists in the Centreon Web Application. Successful attack may result in arbitrary command execution in the context of the server process...

9 CVSS | 4.1 AI score | 0.04122 EPSS
Exploits 1

OpenVAS
added 2020/01/23 12:0 a.m. | 35 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-1125)

The remote host is missing an update for the Huawei EulerOS...

8.8 CVSS | 7.5 AI score | 0.06691 EPSS
Exploits 0 | References 2

OpenVAS
added 2020/01/23 12:0 a.m. | 35 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-1150)

The remote host is missing an update for the Huawei EulerOS...

8.8 CVSS | 7.5 AI score | 0.06691 EPSS
Exploits 0 | References 2

Zero Day Initiative
added 2019/12/13 12:0 a.m. | 18 views

Advantech DiagAnywhere FILE_OPEN_RO Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FILE_OPEN_RO messages. The issue results from the lack of proper...

9.8 CVSS | 3.5 AI score | 0.02768 EPSS
Exploits 0 | References 1

Amazon
added 2019/11/04 12:0 a.m. | 136 views

Important: subversion

Issue Overview: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. (CVE-2018-11782) In Apache Subversion versio...

7.5 CVSS | 7.2 AI score | 0.03216 EPSS
Exploits 0

Veracode
added 2019/10/31 2:21 a.m. | 19 views

Cross-Site Scripting (XSS)

apache-airflow is vulnerable to cross-site scripting (XSS). An administrative user is able to edit the state of objects in the metadata database to contain malicious JavaScript, which will execute in a victim's browser when rendered. This vulnerability also allows reading of arbitrary files permitte...

4.8 CVSS | 2.5 AI score | 0.01345 EPSS
Exploits 0 | References 5 | Affected Software 1

PyPA
added 2019/10/30 10:15 p.m. | 6 views

PYSEC-2019-216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8 CVSS | 7.3 AI score | 0.01345 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2019/10/16 6:15 p.m. | 14 views

CVE-2019-6473

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

6.5 CVSS | 4 AI score | 0.00988 EPSS
Exploits 0 | References 1

Debian CVE
added 2019/10/16 5:22 p.m. | 15 views

CVE-2019-6473

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

6.5 CVSS | 6.3 AI score | 0.00988 EPSS
Exploits 0

OSV
added 2019/09/26 4:15 p.m. | 21 views

CVE-2019-0203

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server...

7.5 CVSS | 6.5 AI score | 0.03216 EPSS
Exploits 0 | References 1

NVD
added 2019/09/26 4:15 p.m. | 16 views

CVE-2018-11782

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

6.5 CVSS | 6.8 AI score | 0.02422 EPSS
Exploits 0 | References 1

Prion
added 2019/09/26 4:15 p.m. | 23 views

Design/Logic Flaw

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server...

5 CVSS | 7.3 AI score | 0.03216 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/09/26 4:15 p.m. | 21 views

Design/Logic Flaw

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

4 CVSS | 6.7 AI score | 0.02422 EPSS
Exploits 0 | References 1 | Affected Software 1