CVE-2021-41176
CVE-2021-41176 describes a cross-site request forgery (CSRF) vulnerability in Pterodactyl Panel where a signed-in user can be logged out if they visit a malicious site that makes a request to the Panel’s sign-out endpoint. This requires targeting a specific Panel instance and only signs the user ...
Security Bulletin: Vulnerabilities in Urllib3 and react-bootstrap-table affect IBM Spectrum Discover.
Summary: Vulnerabilities in Urllib3 and react-bootstrap-table, including a regular expression that can cause denial of service, improper validation of parameters, and cross-site scripting issues, may affect IBM Spectrum Discover. Vulnerability Details: CVEID: CVE-2021-33503...
Evernote: 2 click Remote Code execution in Evernote Android
This vulnerability is similar to my previously reported vulnerability 1362313; here also the weakness is a path traversal vulnerability which helps me to achieve code execution, but the root cause is different. Some parts of this app are written in Java and some parts are written in React Native. In...
0.8.18-p11 (=0.8.18-p12), @msvx/component (>=1.0.1 <=1.2.2) +24 more potentially affected by CVE-2021-42227 via kindeditor (=4.1.10)
kindeditor NPM version =4.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on kindeditor and may be impacted: - 0.8.18-p11 =0.8.18-p12 - @msvx/component =1.0.1, =0.0.1, =0.2.3, =0.1.1, =0.0.1, =0.0.3-p12, =4.1.9, =1.3.50, =1.0.0, =0.0.1, =0.2.49,...
CVE-2021-41129
CVE-2021-41129 affects Pterodactyl Panel. A validation flaw in the two‑factor authentication flow (LoginCheckpointController@__invoke) allows a malicious user to alter the confirmation_token to reference a cache entry containing a user_id, potentially authenticating as an arbitrary user with two‑...
Wrong index when accessing incentives
Handle: pauliax. Vulnerability details / Impact: Should be incentiveId, not positionId here: Incentive memory incentive = incentives[pool][positionId]; Recommended Mitigation Steps: Incentive memory incentive = incentives[pool][incentiveId];
react-here-map-interactive (>=0.0.1 <=0.9.2) potentially affected by CVE-2021-23700 via merge-deep2 (=3.0.6)
merge-deep2 NPM version =3.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on merge-deep2 and may be impacted: - react-here-map-interactive =0.0.1, =0.9.2 Source cves: CVE-2021-23700 Source advisory: SNYK:JS-MERGEDEEP2-1727593...
Missing timelock for critical contract setters of privileged roles
Handle: 0xRajeev. Vulnerability details / Impact: Setter functions for critical protocol parameters accessible only by privileged roles (e.g. onlyOwner) should consider adding timelocks so that users, and other privileged roles in the case of a multisig, can detect upcoming changes and have the time to...
@codedungeon/gunner (>=0.38.0 <=0.80.1), @codedungeon/laravel-versions-cli (=0.1.0) +22 more potentially affected by CVE-2021-3807 via ansi-regex (>=4.0.0 <=4.1.0)
ansi-regex NPM version =4.0.0, =0.38.0, =0.0.65, =0.0.0, =0.0.41, =0.0.12, =0.0.0, =0.2.0, =3.3.69, =0.0.3, =0.2.11, =5.1.0, =4.0.58, =3.0.58, =6.0.17, =6.1.110 and more Source cves: CVE-2021-3807 Source advisory: OSV:GHSA-93Q8-GQ69-WQMW...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2021-3757 via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2021-23436 via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
@breautek/storm (>=2.0.0 <=3.0.0-rc.0), create-react-solution (>=1.2.0 <=4.4.1) +2 more potentially affected by CVE-2021-23421 via merge-change (>=1.5.3 <=1.8.1)
merge-change NPM version =1.5.3, =2.0.0, =1.2.0, =1.5.0, =4.0.0, =4.4.1 Source cves: CVE-2021-23421 Source advisory: OSV:GHSA-F9CV-665R-275H...
CVE-2021-39178
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
Cross site scripting
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
CVE-2021-39178
Concisely, CVE-2021-39178 affects Next.js when using versions 10.0.0–11.0.0 and the next.config.js images.domains array includes a host that can serve user-provided SVGs. If images.loader is not the default or the app runs on Vercel, the vulnerability does not apply. The vulnerability is a cross-...
CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
Fedora: Security Advisory for rust-tui-react (FEDORA-2021-3cf88e44b4)
The remote host is missing an update for the ... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2020-28477 +1 more via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
GHSA-VXF5-WXWP-M7G9 Open Redirect in Next.js
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...