4562 matches found
cn.ac.ios.tis:riscvspeccore_2.12 (>=0.1.0 <=1.0.0), cn.dustlight.flow:flow-zeebe (>=0.1.3-alpha <=0.1.7-alpha) +1037 more potentially affected by CVE-2021-22569 via com.google.protobuf:protobuf-java (>=3.18.0 <=3.18.1)
com.google.protobuf:protobuf-java MAVEN version =3.18.0, =0.1.0, =0.1.3-alpha, =0.0.1-alpha, =0.0.2-alpha - cn.vertxup:vertx-co =0.7.0 - cn.vertxup:vertx-ifx =0.7.0 - cn.vertxup:vertx-import =0.7.0 - cn.vertxup:vertx-pin =0.7.0 - cn.vertxup:vertx-rx =0.7.0 - cn.vertxup:vertx-tp =0.7.0 -...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +20414 more potentially affected by CVE-2021-22569 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.16.0)
com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2021-22569 Source advisory: OSV:GHSA-WRVW-HG22-4M67...
@esfaenza/core (>=15.2.16 <=19.2.114), @naxxfish/whereis (=0.0.1) +15 more potentially affected by CVE-2021-43862 via jquery.terminal (>=0.10.12 <=2.23.2)
jquery.terminal NPM version =0.10.12, =15.2.16, =0.0.1, =0.1.3, =2.0.0, =3.3.2, =0.0.3, =1.0.4, =0.1.0, =1.0.0, =1.0.2, =0.0.1, =0.0.10 and more Source cves: CVE-2021-43862 Source advisory: OSV:GHSA-X9R5-JXVQ-4387...
CVE-2022-22116
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored cross-site scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code which will be executed in a victim's browser when they open the image...
PT-2022-11334 · Unknown +1 · Checkmk Raw Edition +1
Name of the Vulnerable Software and Affected Versions: CheckMK Raw Edition software versions 1.5.0 through 1.6.0 Description: The issue allows for Reflected XSS, enabling an attacker to inject malicious HTML content, including JavaScript or other client-side scripts, into a user's browser. This...
CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp...
1942pyc (=7.0.1), 3robotics (=0.0.1) +3254 more potentially affected by CVE-2021-45958 via ujson (>=4.0.2 <=5.12.1)
ujson PYPI version =4.0.2, =0.11.0, =0.10.0, =0.10.0, =0.1.0, =0.1.0, =0.10.0, =0.11.0 - a-pandas-ex-intersection-difference =0.1.0 and more Source cves: CVE-2021-45958 Source advisory: OSV:PYSEC-2022-25...
Ifme cross-site scripting vulnerability
Ifme is an open-source mental health experience community that encourages people to share their personal stories with trusted allies. Ifme suffers from a cross-site scripting vulnerability in versions v1.0.0 through v7.31.4, which stems from insufficient filtering of user-supplied and output...
Route16 (=0.0.1), adblock (>=0.1.0 <=0.1.18) +145 more potentially affected by unknown CVE via rental (>=0.2.4 <=0.5.6)
rental CARGO version =0.2.4, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.4.0, =0.2.0, =0.12.0, =0.5.0, =0.1.0, =0.7.0, =0.5.0, =0.7.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0134...
Keycloak: Incorrect authorization allows unprivileged users to create other users
A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...
0x-hunter-core (>=1.0.0-33 <=1.0.0-38), 1155-to-20 (>=1.0.0 <=1.0.2) +2718 more potentially affected by CVE-2021-46320 +1 more via @openzeppelin/contracts (>=3.2.0 <=4.4.0)
@openzeppelin/contracts NPM version =3.2.0, =1.0.0-33, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.9.1, =3.24.7, =1.7.2, =3.10.3, =0.0.2, =1.4.1, =1.0.0, =1.12.0 - @0xkkkkkkkkkkkkkkk/dodo =2.0.1 and more Source cves: CVE-2021-46320, CVE-2022-39384 Source advisory: OSV:GHSA-9C22-PWXW-P6HX...
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters can execute arbitrary code on the server via a JNDI LDAP endpoint...
PT-2021-23497 · Sap · Sap Knowledge Warehouse
Name of the Vulnerable Software and Affected Versions: SAP Knowledge Warehouse versions 7.30 through 7.50 Description: A security issue has been discovered that enables unauthorized attackers to conduct XSS attacks, potentially leading to the disclosure of sensitive data. This is due to the usage...
a3m (=0.1.0), acdh-collatex-utils (>=0.2.0 <=1.3.0) +700 more potentially affected by CVE-2021-43818 via lxml (>=3.2.3 <=4.6.4)
lxml PYPI version =3.2.3, =0.2.0, =1.0.0, =3.0.0, =0.1.0, =1.0.3, =1.0.0a1.post0, =1.10.0, =0.0.4, =0.0.14 and more Source cves: CVE-2021-43818 Source advisory: OSV:PYSEC-2021-852...
UBUNTU-CVE-2021-39938
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...
PT-2021-22764 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.1 through 14.3.5 GitLab EE versions 14.4 through 14.4.3 GitLab EE versions 14.5 through 14.5.1 Description: The issue allows a user to add comments to a vulnerability that they cannot access due to incorrect authorizatio...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11750 more potentially affected by CVE-2021-29059 via is-svg (>=2.1.0 <=4.2.2)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-29059 Source advisory: OSV:GHSA-R8J5-H5CX-65GG...
OESA-2021-1459 bind security update
Domain Name System (DNS) Server. Security Fixes: In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.chronon:aggregator_2.11 (>=local <=thread_contention-0.0.23-dev3) +25285 more potentially affected by CVE-2020-36180 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.9.10.7)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =local, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.80.6 and more Source cves: CVE-2020-36180 Source advisory: OSV:GHSA-8C4J-34R4-XR8G...
CVE-2021-42986
NoMachine Enterprise Client is affected by an integer overflow. IOCTL handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O...