4562 matches found
com.avast:sst-bundle-monix-http4s-blaze_3 (>=0.16.0 <=0.19.3), com.avast:sst-bundle-monix-http4s-ember_3 (>=0.17.0 <=0.19.3) +18 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_3 (>=0.22.0 <=0.22.4)
org.http4s:http4s-client_3 MAVEN version =0.22.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =4.0.3, =0.22.0, =0.22.0, =0.22.0, =0.22.15 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1096 more potentially affected by CVE-2021-35042 via django (>=3.2.0 <=3.2.4)
django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-35042 Source advisory: OSV:GHSA-XPFP-F569-Q3P2...
12g (>=0.0.21 <=1.0.1), 1ib (>=1.0.9 <=1.0.11) +7465 more potentially affected by CVE-2020-26301 via ssh2 (>=0.0.2 <=1.3.0)
ssh2 NPM version =0.0.2, =0.0.21, =1.0.9, =0.0.1, =1.0.0, =1.1.0, =0.4.0, =1.0.26, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.123.2 and more Source cves: CVE-2020-26301 Source advisory: OSV:GHSA-652H-XWHF-Q4H6...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @2fn/helpers (>=1.0.0 <=1.0.1) +2961 more potentially affected by CVE-2021-3801 via prismjs (>=0.0.1 <=1.24.1)
prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.23, =1.0.1, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0-beta.14 - @adebawo-damilare/esm-reports-app =5.2.0 - @admin-bro/design-system =1.4.0 - @afzalh/aug07 =1.1.2 and more Source cves: CVE-2021-3801 Sour...
Tremor Resource Management Error Vulnerability
Tremor is an open source event processing system for unstructured data. A resource management error vulnerability exists in Tremor tremor-runtime: the product can access freed memory when patch or merge is used on a state and the result is assigned back to the state. The...
ALPINE-CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive)...
Apache HTTP Server Buffer Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...
@biconomy/hyphen-contracts (=1.0.4), @devprotocol/protocol-l2 (>=0.0.1 <=0.0.2) +8 more potentially affected by CVE-2021-41264 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.1)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.3.2 Source cves: CVE-2021-41264 Source advisory: OSV:GHSA-5VP3-V4HC-GX76...
AZL-45225 CVE-2021-23440 affecting package js-jquery 3.5.0-4
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +49 more potentially affected by CVE-2021-37579 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.12)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =0.0.1, =1.5.1, =2.0.1, =0.1.3, =2.4.0, =2.4.0, =2.4.0, =1.0.0, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2021-37579 Source advisory: OSV:GHSA-Q897-9JXF-JG9R...
acid-store (>=0.12.0 <=0.14.2), aliyundrive-fuse (>=0.1.0 <=0.1.14) +34 more potentially affected by unknown CVE via fuser (>=0.10.0 <=0.15.1)
fuser CARGO version =0.10.0, =0.12.0, =0.1.0, =1.0.0, =0.1.0, =0.6.0, =0.2.5, =0.1.2, =0.8.0, =0.8.2 - iso9660 =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0154...
Ascensio System ONLYOFFICE Document Server Security Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in versions 6.1.x through 6.3.0.71 of the Translate plug-in for...
Plesk Obsidian Cross-Site Scripting Vulnerability
Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability in Plesk Obsidian versions 18.0.0 through 18.0.32 allows an attacker to execute JavaScript code in a victim's browser by using a link to preview a site hosted on the server...
PYSEC-2021-326
The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2021-32805 via flask-appbuilder (>=1.10.0 <=3.3.0)
flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.0.1rc2 and more Source cves: CVE-2021-32805 Source advisory: OSV:GHSA-624F-CQVR-3QW4...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal),...
7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +3385 more potentially affected by CVE-2021-23406 via pac-resolver (>=1.2.6 <=4.2.0)
pac-resolver NPM version =1.2.6, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =0.0.1, =1.6.1, =0.0.1, =1.4.1, =0.2.2, =0.2.2, =0.0.1, =0.1.2 - @adaptcharm/email =1.1.1 and more Source cves: CVE-2021-23406 Source advisory: OSV:GHSA-9J49-MFVP-VMHM...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-39187 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-39187 Source advisory: OSV:GHSA-XQP8-W826-HH6X...
be.fluid-it.tools.rundeck.plugins:rundeck-httppost-plugin (=0.1-1), com.criteo.rundeck.plugin:rundeck-tag-orchestrator-plugin (=1.3.3) +4 more potentially affected by CVE-2021-39133 via org.rundeck:rundeck-core (>=1.5 <=2.5.2)
org.rundeck:rundeck-core MAVEN version =1.5, =1.0.0, =1, =1.1, =1.3.3 - org.rundeck:rundeckapp =1.5 Source cves: CVE-2021-39133 Source advisory: OSV:GHSA-3JMW-C69H-426C...
CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...