176 matches found
mm-wiki Cross-Site Scripting Vulnerability
mm-wiki is a lightweight enterprise knowledge-sharing and team-collaboration application by the Chinese individual developer phachon. It can be used to quickly build an enterprise wiki and team knowledge-sharing platform. A security vulnerability exists in mm-wiki v0.2.1, which is caused by cross-site...
mm-wiki Cross-Site Request Forgery Vulnerability
mm-wiki is a lightweight enterprise knowledge-sharing and team-collaboration application by the Chinese individual developer phachon. It can be used to quickly build an enterprise wiki and team knowledge-sharing platform. A security vulnerability exists in mm-wiki version v0.2.1, which originated from a...
CVE-2022-35917
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient...
Design/Logic Flaw
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient...
CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
PT-2022-21318 · Unknown · Lin-Cms Springboot
Name of the Vulnerable Software and Affected Versions: Lin CMS Spring Boot version 0.2.1 Description: An access control issue allows attackers to access the backend information and functions within the application. Recommendations: For Lin CMS Spring Boot version 0.2.1, consider restricting acces...
OpenZeppelin Security Vulnerability
OpenZeppelin is a standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts for Cairo v0.2.0, stemming from a bug that causes account contracts to be unavailable on the live network...
Design/Logic Flaw
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
[ASA-202107-35] dino: directory traversal
Arch Linux Security Advisory ASA-202107-35 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-33896 Package : dino Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2043 Summary ======= The package dino before version...
DEBIAN-CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
Ruby OS Command Injection Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language created by Yukihiro Matsumoto. A security vulnerability in the Ruby ftpd gem 0.2.1 allows remote attackers to execute arbitrary operating system commands...
bootloader (>=0.10.0 <=0.10.13), libertyos_kernel (>=0.14.0 <=0.17.5) +1 more potentially affected by CVE-2020-36208 via conquer-once (=0.2.1)
conquer-once CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on conquer-once and may be impacted: - bootloader =0.10.0, =0.14.0, =0.1.0, =0.2.6 Source cves: CVE-2020-36208 Source advisory: OSV:RUSTSEC-2020-0101...
Skoranga Node-connection-tester Command Injection Vulnerability
Skoranga Node-connection-tester is a JavaScript-based tool from Skoranga for testing whether a connection can be established to a remote host and port. A command injection vulnerability exists in connection-tester versions prior to 0.2.1, which originates in...
Malicious Package in radicjs
Version 0.2.1 of radicjs contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate your...
Prototype Pollution
Overview: Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument...
PYSEC-2019-174
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...
SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-2)
This update for helm-mirror to version 0.2.1 fixes the following issues. Security issues fixed: CVE-2018-16873: Fixed a remote command execution (bsc1118897). CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc1118898). CVE-2018-16875: Fixed a CPU denial of...
Path Traversal in simplehttpserver
Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 0.2.1 or later...