
RedHat Linux
added 2021/06/17 1:15 p.m., 89 views

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 9.9, AI score 7.2, EPSS 0.9368
Exploits 17, References 16
CNNVD
added 2021/06/16 12:00 a.m., 2 views

Apache CXF resource management error vulnerability

Apache CXF is an open source Web services framework from the Apache Foundation in the United States. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...

CVSS 7.5, AI score 5.7, EPSS 0.01898
Exploits 0, References 28
OSV
added 2021/06/10 3:43 p.m., 0 views

GHSA-8H2J-CGX8-6XV7 Cross-Site Request Forgery (CSRF) in FastAPI

Impact: FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...

CVSS 8.8, AI score 6, EPSS 0.00119
Exploits 0, References 6
CNNVD
added 2021/05/24 12:00 a.m., 2 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Goto theme prior to version 2.1,...

CVSS 6.1, AI score 5.9, EPSS 0.00387
Exploits 2, References 1
OSV
added 2021/05/13 10:31 p.m., 3 views

GHSA-8RF5-92JH-3VC9 Uncaught Exception leading to Denial of Service in json-sanitizer

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...

CVSS 7.5, AI score 5.9, EPSS 0.00408
Exploits 0, References 4
CNNVD
added 2021/04/21 12:00 a.m., 2 views

Bryan Davis analytics-quarry-web cross-site scripting vulnerability

Wikimedia Quarry analytics-quarry-web is an open source application. Wikimedia Quarry analytics-quarry-web is vulnerable to a cross-site scripting vulnerability. The vulnerability stems from the fact that app.py does not explicitly set the application/json content type. No details of the...

CVSS 6.1, AI score 5.2, EPSS 0.0024
Exploits 0, References 3
OSV
added 2021/04/07 9:06 p.m., 1 view

GHSA-FJQ3-5PXW-4WJ4 Cross-Site Request Forgery in Webargs

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

CVSS 8.8, AI score 7.2, EPSS 0.00167
Exploits 0, References 7
UbuntuCve
added 2021/04/07 12:15 p.m., 22 views

CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

CVSS 7.8, AI score 7.6, EPSS 0.00655
Exploits 1, References 4
AlpineLinux
added 2021/04/07 11:30 a.m., 51 views

CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

CVSS 7.8, AI score 8, EPSS 0.00655
Exploits 1
OSV
added 2021/04/07 11:02 a.m., 1 view

OESA-2021-1132 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...

CVSS 7.5, AI score 8.9, EPSS 0.07734
Exploits 3, References 5
CNNVD
added 2021/03/29 12:00 a.m., 3 views

Npm is-my-json-valid resource management error vulnerability

is-my-json-valid is an npm package from the United States. It validates a JSON document against a JSON Schema very quickly using a code generation mechanism. A resource management error vulnerability exists in is-my-json-valid, which stems from the use of an inefficient regular expression to validate a JSON field...

CVSS 5.3, AI score 6.5, EPSS 0.00255
Exploits 1, References 5
Snyk
added 2021/03/12 2:47 p.m., 2 views

Prototype Pollution

Overview: shvl is a library to get and set dot-notated properties within an object. Affected versions of this package are vulnerable to Prototype Pollution due to an incomplete fix not protecting against the constructor.prototype vector. PoC (js): var shvl = require("shvl") let obj = console.log("Before: " +...

CVSS 7.3, AI score 6.4
Exploits 0, References 2
Snyk
added 2021/02/12 3:01 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: github.com/pterodactyl/wings/router/downloader is a package of Wings, Pterodactyl's server control plane, built for the rapidly changing gaming industry and designed to be highly performant and secure. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). It is...

CVSS 3.1, AI score 6.2
Exploits 0, References 2
OSV
added 2021/01/28 7:15 p.m., 11 views

CVE-2021-20186

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

CVSS 5.4, AI score 6.4
Exploits 0, References 1
Prion
added 2021/01/28 7:15 p.m., 14 views

Cross site scripting

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

CVSS 2.1, AI score 5.4, EPSS 0.0053
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/01/28 6:38 p.m., 13 views

CVE-2021-20186

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

AI score 5.9, EPSS 0.0053
Exploits 0, References 1
CVE
added 2021/01/28 6:38 p.m., 65 views

CVE-2021-20186

CVE-2021-20186 affects Moodle versions before 3.10.1, 3.9.4, 3.8.7 and 3.5.16 where the TeX notation filter is enabled; inadequate sanitization allows stored XSS. Root cause: insufficient sanitization of TeX content when the filter is active. Vulnerable component: TeX notation filter handling in ...

CVSS 5.4, AI score 5.4, EPSS 0.0053
Exploits 0, References 1, Affected Software 1
CNNVD
added 2021/01/28 12:00 a.m., 1 view

Moodle cross-site scripting vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions prior to 3.10.1, 3.9.4, 3.8.7 and 3.5.16, which originates from TeX...

CVSS 5.4, AI score 6.6, EPSS 0.0053
Exploits 0, References 3
VulnCheck KEV
added 2021/01/14 12:00 a.m., 0 views

VulnCheck KEV: CVE-2020-7961

Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...

CVSS 9.8, AI score 7.6, EPSS 0.94352
Exploits 10, References 1
CNNVD
added 2021/01/13 12:00 a.m., 2 views

OWASP json-sanitizer input validation error vulnerability

OWASP json-sanitizer is a Java library from the OWASP Foundation that takes JSON-like text content and generates well-formed JSON data from it. An input validation error vulnerability exists in OWASP json-sanitizer prior to version 1.2.2, which stems from the fact that a...

CVSS 7.5, AI score 7.2, EPSS 0.00408
Exploits 0, References 4