Cross site request forgery (csrf)
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity...
[SECURITY] Fedora 34 Update: rust-textwrap-0.14.2-3.fc34
Powerful library for word wrapping, indenting, and dedenting strings...
Fedora: Security Advisory for rust-textwrap (FEDORA-2021-3cf88e44b4)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-37326
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...
Code injection
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...
CVE-2021-37326
CVE-2021-37326 affects NetSarang Xshell 7 prior to Build 0077. The description specifies that paste operations contain unintended code strings, identifying the vulnerable component and root cause. The available documents do not provide exploit details, affected versions beyond the stated pre-0077...
NetSarang Xshell Information Disclosure Vulnerability
NetSarang Xshell is an SSH client from NetSarang. A security vulnerability exists in versions prior to NetSarang Xshell 7 Build 0077, which stems from the software containing unexpected code strings during paste operations...
[SECURITY] Fedora 34 Update: perl-Encode-3.12-460.fc34
The Encode module provides the interface between Perl strings and the rest of the system. Perl strings are sequences of characters...
PT-2021-24348 · Unknown · Fast-Xml-Parser
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.1.2 Description: The issue allows for Prototype Pollution via the `__proto__` variable. This can be exploited by including `__proto__` as a tag or attribute name in an XML string. The estimated number of potentially...
Trendnet Multiple Products Format String Error Vulnerability
The TRENDnet TEW-755AP and others are routers from Trendnet. The TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 are vulnerable to a format string error vulnerability, which arises from a failure to strictly filter the type, number,...
GHSA-CMHX-CQ75-C4MJ Regular Expression Denial of Service in System.Text.RegularExpressions
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981...
CVE-2021-36159
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...
CVE-2021-24430
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its `caching_exclude_urls` and `caching_include_query_strings` settings before outputting them in a PHP file, which could lead to RCE...
Denial Of Service (DoS)
apk-tools:edge is vulnerable to denial of service. The vulnerability occurs when numeric strings in the FTP and HTTP protocols are mishandled...
ArcGIS Server Manager Stored Cross-Site Scripting Vulnerability
ArcGIS Server is the back-end server software component of ArcGIS Enterprise. ArcGIS Server Manager is an application that is installed with ArcGIS Server and provides an intuitive and convenient interface for managing the server. A stored cross-site scripting vulnerability exists in ArcGIS Server...
CVE-2021-29104
A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application...