1207 matches found

OSV
added 2021/06/08 1:15 p.m. · 10 views

CVE-2021-32106

In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET 'replace' variable. As a result, arbitrary JavaScript code can get executed...

5.4 CVSS · 6.2 AI score
Exploits 0 · References 3
CNNVD
added 2021/06/08 12:0 a.m. · 2 views

ICEcoder cross-site scripting vulnerability

ICEcoder is a browser-based code editor that provides a modern approach to building websites by allowing you to write code directly in your web browser. A security vulnerability exists in ICEcoder 8.0: a reflected XSS vulnerability was found in the multi- results.php page due to...

5.4 CVSS · 5.7 AI score · 0.00237 EPSS
Exploits 1 · References 3
OSV
added 2021/06/07 2:25 p.m. · 4 views

CLSA-2021-1623075923 Fix of CVE: CVE-2021-28153

Fixed CVE-2021-28153: g_file_replace with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink...

5.3 CVSS · 6.8 AI score · 0.00728 EPSS
Exploits 1 · References 1
OSV
added 2021/05/06 11:2 a.m. · 2 views

OESA-2021-1164 glib2 security update

GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

5.3 CVSS · 7.1 AI score · 0.00728 EPSS
Exploits 1 · References 2
Cvelist
added 2021/04/21 10:30 p.m. · 21 views

CVE-2021-1074

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires...

7.3 CVSS · 7.8 AI score · 0.00107 EPSS
Exploits 0 · References 1
CNNVD
added 2021/04/21 12:0 a.m. · 1 views

NVIDIA Windows GPU Display Driver access control error vulnerability

NVIDIA GPU Display Driver for Windows is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in Windows systems. An access control error vulnerability exists in the NVIDIA Windows GPU Display Driver for Windows, which can be exploited by an...

7.3 CVSS · 7.3 AI score · 0.00107 EPSS
Exploits 0 · References 4
RedHat Linux
added 2021/04/14 5:12 p.m. · 1 views

Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

4.3 CVSS · 7.4 AI score · 0.00087 EPSS
Exploits 0 · References 4
AlpineLinux
added 2021/04/07 1:50 p.m. · 730 views

CVE-2021-21639

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type...

4.3 CVSS · 4.8 AI score · 0.00703 EPSS
Exploits 0
Mageia
added 2021/03/30 8:8 p.m. · 37 views

Updated glib2.0 packages fix security vulnerability

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3 CVSS · 1.3 AI score · 0.00728 EPSS
Exploits 1 · References 2
OSV
added 2021/03/11 10:15 p.m. · 3 views

ALPINE-CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3 CVSS · 6.8 AI score · 0.00728 EPSS
Exploits 1 · References 1
OSV
added 2021/03/11 10:15 p.m. · 1 views

AZL-6439 CVE-2021-28153 affecting package glib for versions less than 2.60.1-5

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3 CVSS · 6.7 AI score · 0.00728 EPSS
Exploits 1 · References 1
Prion
added 2021/03/11 10:15 p.m. · 23 views

Design/Logic Flaw

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5 CVSS · 6.9 AI score · 0.00728 EPSS
Exploits 1 · References 6 · Affected Software 3
CNNVD
added 2021/03/11 12:0 a.m. · 3 views

GNOME Glib link following vulnerability

GNOME Glib is a multi-platform toolkit for creating graphical user interfaces and is the underlying core library for GTK+ and GNOME projects. A security vulnerability exists in GNOME GLib before 2.66.8, which stems from the fact that g_file_replace and G_FILE_CREATE_REPLACE_DESTINATION incorrectly also...

5.3 CVSS · 6.8 AI score · 0.00728 EPSS
Exploits 1 · References 40
CNNVD
added 2021/03/10 12:0 a.m. · 2 views

FUEL CMS SQL injection vulnerability

FUEL CMS is a content management system based on CodeIgniter. A SQL injection vulnerability exists in the 'fuel_replace_id' parameter in pages/replace/1 in FUEL CMS 1.4.8. An attacker could use this vulnerability to corrupt the application, access or modify data, or exploit a potential vulnerabilit...

9.8 CVSS · 6 AI score · 0.03558 EPSS
Exploits 1 · References 4
Positive Technologies
added 2021/03/10 12:0 a.m. · 5 views

PT-2021-5823 · Gnome +9 · Gnome Glib +9

Name of the Vulnerable Software and Affected Versions: GNOME GLib versions prior to 2.66.8. Description: An issue was discovered in GNOME GLib when the g_file_replace function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. It incorrectly creates the...

7.8 CVSS · 6.7 AI score · 0.10494 EPSS
Exploits 3 · References 123
The Hacker News
added 2021/02/23 10:46 a.m. · 138 views

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...

7.8 CVSS · 1.1 AI score · 0.00355 EPSS
Exploits 0
OSV
added 2021/02/17 7:15 p.m. · 2 views

CVE-2020-13553

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2021/02/16 12:0 a.m. · 2 views

Advantech WebAccess/SCADA security vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...

8.8 CVSS · 7.5 AI score · 0.00055 EPSS
Exploits 1 · References 2
OSV
added 2020/12/04 3:15 p.m. · 0 views

DEBIAN-CVE-2020-27770

Due to a missing check for 0 value of replace_extent, it is possible for offset p to overflow in SubstituteString, causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to...

5.5 CVSS · 6.8 AI score · 0.00141 EPSS
Exploits 1 · References 1
Prion
added 2020/11/16 1:15 a.m. · 13 views

Authorization

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...

5.5 CVSS · 7.9 AI score · 0.00081 EPSS
Exploits 1 · References 2 · Affected Software 1