5 matches found
Chartist 安全漏洞
Chartist is a Chartist open source library of simple responsive charts built using SVG. A security vulnerability exists in Chartist versions 1.x through 1.3.0 that stems from allowing prototype contamination via extensions...
CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
VMware vRealize Automation and vSphere Integrated Containers Remote Code Execution Vulnerability
VMware vRealize Automation vRA and vSphere Integrated Containers VIC are both products from VMware. vRealize Automation vRA is a suite of cloud automation software. The software supports automated delivery of personalized infrastructure, deployment across multi-vendor, hybrid cloud infrastructure...
1: Class Loader manipulation via request parameters
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...