
1925 matches found

CVE
added 2022/02/20 11:13 a.m. | 103 views

CVE-2021-45007

Summary: CVE-2021-45007 affects Plesk 18.0.37 and is a Cross-Site Request Forgery (CSRF) vulnerability caused by lack of CSRF token validation, enabling an attacker to insert data into the user and admin panels. Affected component/scope: Plesk 18.0.37; site-specific issues noted across Plesk user...

6.5 CVSS | 6.5 AI score | 0.00719 EPSS
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2022/02/20 11:13 a.m. | 13 views

CVE-2021-45007

Plesk 18.0.37 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...

6.9 AI score | 0.00719 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2022/02/19 3:15 a.m. | 1 views

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

7.8 CVSS | 7.1 AI score | 0.00547 EPSS
Exploits 0 | References 4

RedhatCVE
added 2022/02/17 4:30 a.m. | 77 views

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4.3 CVSS | 3.5 AI score | 0.01268 EPSS
Exploits 0 | References 3

OSV
added 2022/02/10 11:32 p.m. | 2 views

GHSA-H236-G5GH-VQ6C DOM-based cross-site scripting in Froala Editor

Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting (XSS) vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized whe...

6.1 CVSS | 6.6 AI score | 0.01847 EPSS
Exploits 3 | References 8

OSV
added 2022/01/31 2:26 p.m. | 6 views

CLSA-2022-1643639170 Fix CVE(s): CVE-2022-0213, CVE-2022-0261

SECURITY UPDATE: Going over the end of status line buffer - debian/patches/CVE-2022-0213.patch: Check line length when appending a space to NameBuff - CVE-2022-0213 SECURITY UPDATE: Block insert goes over the end of the line - debian/patches/CVE-2022-0261.patch: Handle invalid byte better and fix...

7.8 CVSS | 6.9 AI score | 0.01687 EPSS
Exploits 2 | References 1

Ivan 'd0znpp' Novikov
added 2022/01/26 12:11 p.m. | 44 views

Server side template injection — SSTI vulnerability ⚠️

Server side template injection — SSTI vulnerability ⚠️ Introduction There is hardly any software development or other linked elements that haven’t fallen into the trap of cyber vulnerabilities. Templates, used for HTML code management on the server-side, are amongst them. The attack targeting the...

8 AI score
Exploits 0

Cvelist
added 2022/01/25 9:0 a.m. | 35 views

CVE-2022-0338 Insertion of Sensitive Information into Log File in delgan/loguru

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3 CVSS | 4.8 AI score | 0.00758 EPSS
Exploits 1 | References 2

RedHat Linux
added 2022/01/12 12:27 p.m. | 1 views

Mozilla: Out-of-bounds memory access when inserting text in edit mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

6.5 CVSS | 7.3 AI score | 0.00796 EPSS
Exploits 0 | References 4

RedHat Linux
added 2022/01/12 12:21 p.m. | 3 views

Mozilla: Out-of-bounds memory access when inserting text in edit mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

6.5 CVSS | 7.3 AI score | 0.00796 EPSS
Exploits 0 | References 4

RedHat Linux
added 2022/01/12 12:4 p.m. | 5 views

Mozilla: Out-of-bounds memory access when inserting text in edit mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

6.5 CVSS | 7.3 AI score | 0.00796 EPSS
Exploits 0 | References 4

RedHat Linux
added 2022/01/12 11:59 a.m. | 2 views

Mozilla: Out-of-bounds memory access when inserting text in edit mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

6.5 CVSS | 7.3 AI score | 0.00796 EPSS
Exploits 0 | References 4

CNNVD
added 2022/01/11 12:0 a.m. | 4 views

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer error vulnerability that stems from the fact that when inserting text in edit mode, certain characters may result in out-of-bounds memory access, leading to a cras...

6.5 CVSS | 7.8 AI score | 0.00796 EPSS
Exploits 0 | References 15

UbuntuCve
added 2022/01/10 2:10 p.m. | 43 views

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4.3 CVSS | 6.8 AI score | 0.00855 EPSS
Exploits 0 | References 2

CVE
added 2022/01/07 10:39 p.m. | 240 views

CVE-2021-22060

CVE-2021-22060 affects Spring Framework (versions 5.3.0–5.3.13 and 5.2.0–5.2.18, plus older unsupported) where crafted input can cause insertion of extra log entries. It is a follow-up to CVE-2021-22096; the root cause is input handling in the framework that permits log entry insertion. Connected...

4.3 CVSS | 4.6 AI score | 0.00855 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/12/27 6:48 p.m. | 23 views

CVE-2021-35232 Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries

Hard-coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

6.8 CVSS | 7.1 AI score | 0.003 EPSS
Exploits 0 | References 2

RedhatCVE
added 2021/12/21 12:20 p.m. | 58 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3 CVSS | 3.6 AI score | 0.01268 EPSS
Exploits 0 | References 3

Positive Technologies
added 2021/12/14 12:0 a.m. | 6 views

PT-2021-7276 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.16-rc6 Description: A flaw in the Linux kernel's eBPF verifier allows internal memory locations to be returned to userspace when handling internal data structures. This can be exploited by a local attacker wi...

9.8 CVSS | 7.2 AI score | 0.67994 EPSS
Exploits 206 | References 1297

CNVD
added 2021/12/01 12:0 a.m. | 9 views

Business-Dna Solution GmbH TopEase Code Injection Vulnerability

Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A code injection vulnerability exists in Business-Dna Solution GmbH TopEase,...

5.4 CVSS | 7.1 AI score | 0.00705 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2021/11/24 2:15 a.m. | 4 views

CVE-2021-28709

issues with partially successful P2M updates on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have...

7.8 CVSS | 5.4 AI score | 0.00338 EPSS
Exploits 0 | References 8 | Affected Software 1