4 matches found
chartbrew 代码注入漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability. This vulnerability stemmed from the faulty API, which allowed remote code execution...
CVE-2020-14190
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4...
UBUNTU-CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
DEBIAN-CVE-2018-19968
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...