15 matches found
EUVD-2025-201090
Envoy's TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte...
Envoy Code Issue Vulnerability
Envoy is an Enphase open source gateway program for connecting smart home devices. A code issue vulnerability exists in Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2, and prior versions, which stems from a reentry error in the JWT authentication configuration that could lead to a crash...
Envoy Resource Management Error Vulnerability
Envoy is an Enphase open source gateway program for connecting smart home devices. A resource management error vulnerability exists in Envoy versions prior to 1.36.2, prior to 1.35.6, prior to 1.34.10, and prior to 1.33.12, which stems from a use-after-free in Lua filters, which...
EUVD-2021-29032
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-41798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - MediaWiki before 1.36.2 allows XSS. Month-related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 Note...
MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)
MediaWiki is a free web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped before they are used on ...
DEBIAN-CVE-2021-41799
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. ApiQueryBacklinks action=query&list=backlinks can cause a full table scan...
PT-2021-23482 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 MediaSearch extension versions through 1.36.2 Description: An issue was discovered in Special:MediaSearch in the MediaSearch extension. The suggestion text, a parameter to mediasearch-did-you-mean, was not...
PT-2021-23486 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.2 Description: An issue was discovered in the Growth extension in MediaWiki. On any Wiki with the Mentor Dashboard feature enabled, users can log in with a mentor account and trigger an XSS payload, such as an...
PT-2021-23484 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in SecurePoll in the Growth extension, where simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. Recommendations: For...
PT-2021-23487 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in the Growth extension in MediaWiki. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...
PT-2021-23411 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.2 Description: The issue allows for XSS due to month-related MediaWiki messages not being escaped before being used on the Special:Search results page. Recommendations: For versions prior to 1.36.2, update to...
MediaWiki Resource Management Error Vulnerability
MediaWiki is a free web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...
[ASA-202107-38] firefox-ublock-origin: denial of service
Arch Linux Security Advisory ASA-202107-38 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-36773 Package : firefox-ublock-origin Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2172 Summary ======= The package...
PT-2021-21349 · Unknown +2 · Ublock Origin +2
Name of the Vulnerable Software and Affected Versions: uBlock Origin versions prior to 1.36.2 nMatrix versions prior to 4.4.9 Description: The issue allows crafted web sites to cause a denial of service due to unbounded recursion, which can trigger memory consumption and a loss of all blocking...