21 matches found
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G 2021.8.22...
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter for satellite_status...
PT-2026-21285
Name of the Vulnerable Software and Affected Versions: PROLiNK PRC2402M versions prior to 2021-06-13 Description: The PROLiNK PRC2402M router firmware contains a flaw that allows for arbitrary OS command execution. The issue resides in the live_api.cgi script when handling the page=satellite_list...
Aimeos GrapesJS CMS cross-site scripting vulnerability
Aimeos GrapesJS CMS is a content management system for Aimeos Individual Developers. A cross-site scripting vulnerability exists in Aimeos GrapesJS CMS, which stems from the potential injection of JavaScript code when CSP is disabled, potentially leading to a stored cross-site scripting attack. T...
SUSE CVE-2021-30474
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free...
ONLYOFFICE code issue vulnerability
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from susceptibility to server-side request forgery (SSRF) attacks. The Document Editor service can be misused to read arbitrary...
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
EyesOfNetwork security vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution from the EyesOfNetwork community. The solution provides features such as a business process configuration tool, generating pop-up windows when events occur in the active queue, and more. A security vulnerability exists in versions...
PT-2022-6564 · Ffjpeg · Ffjpeg
Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 01.01.2021 Description: The issue is a global buffer overflow that could cause a Denial of Service by using a crafted jpeg file. It is similar to a previously known issue. The problem lies in the jfif_encode function ...
PT-2022-6565 · Ffjpeg · Ffjpeg
Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 01.01.2021 Description: The issue is related to a heap-based buffer overflow in the jfif_decode function at ffjpeg/src/jfif.c, which could cause a Denial of Service by using a crafted jpeg file. This can be exploited ...
PT-2022-11359 · Eclipse · Eclipse Wakaama
Name of the Vulnerable Software and Affected Versions: Eclipse Wakaama versions prior to 2021-01-14 Description: The issue arises from the CoAP parsing code in Eclipse Wakaama, which fails to properly sanitize network-received data. This has been the case since the inception of Eclipse Wakaama...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust abomonation crate in versions prior to 2021-10-17, which could allow information leakage or ASLR bypass...
PT-2021-16658 · Google · Widevine Trustlet
Name of the Vulnerable Software and Affected Versions: Widevine trustlet versions prior to SMR Oct-2021 Release 1 Description: A possible guessing and confirming a byte memory vulnerability allows attackers to read arbitrary memory addresses. Recommendations: For versions prior to SMR Oct-2021...
CVE-2021-25665
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer All versions V2021.2.1. The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could...
TH Wildau COVID-19 Contact Tracing authorization issue vulnerability
TH Wildau COVID-19 Contact Tracing is a web application used for contact tracing in the event of a SARS-CoV-2 infection. An authorization issue vulnerability exists in TH Wildau COVID-19 Contact Tracing that stems from the product's registration API not validating input. An attacker could use this...
JetBrains TeamCity security vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. A security vulnerability exists in versions of JetBrains TeamCity...
CVE-2021-31903
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS...
Xiaomi MIUI security vulnerability
Xiaomi MIUI is a set of Android-based smartphone operating systems developed by China's Xiaomi Technology. An information disclosure vulnerability exists in Xiaomi Mobile Phone MIUI versions prior to 2021.01.26. The vulnerability can be exploited by an attacker to obtain a list of running...
MuleSoft Mule code issue vulnerability
MuleSoft Mule is a lightweight integration platform from the US company MuleSoft. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule 4.x runtime released before February 2, 2021, which...
Pystemon Security Vulnerabilities
A security vulnerability exists in pystemon before 2021-02-13 that allows code execution via YAML deserialization...