Lucene search
+L

15 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.37 views

Ubuntu 20.04 ESM : Smarty vulnerabilities (USN-5348-3)

The remote Ubuntu 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-3 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...

9.8CVSS6.7AI score0.82316EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.24 views

Ubuntu 16.04 ESM : Smarty vulnerabilities (USN-5348-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-2 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...

9.8CVSS6.7AI score0.82316EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-5348-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.82316EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2022/12/22 12:0 a.m.42 views

Fedora 36 : php-Smarty (2022-52154efd61)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-52154efd61 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...

9.8CVSS7.5AI score0.82316EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.27 views

Fedora: Security Advisory for php-Smarty (FEDORA-2022-d5fc9dcdd7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.2AI score0.82316EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2022/06/21 3:29 p.m.71 views

USN-5348-3: Smarty vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

9.8CVSS7.2AI score0.82316EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/05/31 12:0 a.m.43 views

Debian DSA-5151-1 : smarty3 - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...

9.8CVSS7AI score0.82316EPSS
Exploits3References15
OpenVAS
OpenVAS
added 2022/05/31 12:0 a.m.42 views

Debian: Security Advisory (DSA-5151-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.04841EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/05/06 12:0 a.m.30 views

Debian DLA-2995-1 : smarty3 - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2995 advisory. Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a...

8.8CVSS7AI score0.0222EPSS
Exploits0References8
NVD
NVD
added 2022/01/10 8:15 p.m.23 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

8.8CVSS0.0222EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2022/01/10 8:15 p.m.28 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

8.8CVSS6.6AI score0.0222EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/01/10 12:0 a.m.51 views

CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

8.8CVSS9.3AI score0.0222EPSS
Exploits0References9
CVE
CVE
added 2022/01/10 12:0 a.m.138 views

CVE-2021-21408

Smarty (PHP template engine) is affected by CVE-2021-21408. The vulnerability allows template authors to run restricted static PHP methods due to a flaw present in versions before 3.1.43 and 4.0.3. The issue arises from how templates can invoke static methods, enabling potential code execution. R...

8.8CVSS8.6AI score0.0222EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/10 12:0 a.m.4 views

CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

8.8CVSS7.1AI score0.0222EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2022/01/10 12:0 a.m.39 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

8.8CVSS6.1AI score0.0222EPSS
Exploits0
Rows per page
Query Builder