CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
CVE-2021-36994
There is an issue where trustlist strings are repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist...
Race condition
There is an issue where trustlist strings are repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist...
CVE-2021-35231 Unquoted Path (SMB Login) Vulnerability
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...
CVE-2021-35230
The CVE-2021-35230 entry describes an unquoted service path vulnerability in the Kiwi CatTools Installation Wizard that could allow a local attacker to gain elevated privileges by placing an executable in the path of the affected service or uninstall entry. The vulnerability is local-privilege-es...
CVE-2021-33988
CVE-2021-33988 is a Cross-Site Scripting (XSS) vulnerability reported in Microweber CMS version 1.2.7, accessible via the Login form. The concrete details from connected sources state that an attacker could inject and execute JavaScript by placing code in the login request form, enabling a client-...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1253-1)
The remote host is missing an update for the...
CVE-2021-24619
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-22239
An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later...
Code injection
An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later...
CVE-2021-22239
CVE-2021-22239 affects GitLab CE/EE 14.0 and later, where an unauthorized user could insert metadata when creating a new issue. The connected advisories confirm the issue is an access-restriction bypass tied to issue creation, with multiple sources noting the need to upgrade to a patched release....
CVE-2021-22239
Removed by vendor...
GHSA-XM9M-2VJ8-FMFR Uninitialized memory access in toodee
An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations...
Double free in toodee
When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...
Data races in cache
An issue was discovered in the cache crate through 2020-11-24 for Rust. Affected versions of this crate unconditionally implement Send/Sync for Cache. This allows users to insert K that is not Send or not Sync. This allows users to create data races by using non-Send types like Arc or Rc as K in...
GHSA-VFQX-HV88-F9CV Double-free in id-map
A double free can occur in get_or_insert upon a panic of a user-provided f function. get_or_insert reserves space for a value before calling the user-provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped...
GHSA-H45V-VGVP-3H5V Out-of-bounds write in stack
ArrayVec::insert allows insertion of an element into the array object at the specified index. Due to a missing check on the upper bound of this index, it is possible to write out of bounds...
GHSA-HR3C-6MMP-6M39 Memory corruption slice-deque
Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...