4559 matches found
SAP NetWeaver AS ABAP Code Injection Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. A security vulnerability exists in SAP NetWeaver AS ABAP, which originates from a code injection in the product. The following products and versions a...
PT-2021-15273 · Brave · Brave Desktop
Name of the Vulnerable Software and Affected Versions: Brave Desktop versions 1.17 through 1.26.60 Description: The issue occurs when adblocking is enabled and a proxy browser extension is installed in Brave Desktop. The CNAME adblocking feature makes DNS requests using the system DNS settings...
Joomla! CMS Input Validation Error Vulnerability
is a set of forum components used in the Joomla! content management system. Joomla! is vulnerable to an input validation error in versions 2.5.0 to 3.9.27, which can be exploited by attackers to cause corruption in the usergroups table...
Joomla! CMS Code Issue Vulnerability
is a set of forum components used in the Joomla! content management system. A code issue vulnerability exists in versions 2.5.0 to 3.9.27 of Joomla! that could be exploited by a remote, unauthenticated attacker to obtain or guess a session token and gain unauthorized access to a session belonging...
just-safe-set Security Vulnerability
just-safe-set is an npm module library. A security vulnerability exists in just-safe-set 1.0.0 through 2.2.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
Joomla! Code Issue Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A code issue vulnerability exists in Joomla! 2.5.0 - 3.9.27. The vulnerability stems from a hard-coded ACL check for superuser missing from the install operation in com_installer, which can be exploited to execute...
PT-2021-16932 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.27 Description: An issue was discovered in the imagelist view of com_media, where inadequate escaping leads to an XSS vulnerability. Recommendations: For versions 3.0.0 through 3.9.27, update to a version tha...
PT-2021-16928 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.27 Description: An issue was discovered in the JForm API, where inadequate escaping in the rules field leads to an XSS vulnerability. Recommendations: For versions 3.0.0 through 3.9.27, update to a version th...
PT-2021-16929 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 2.5.0 through 3.9.27 Description: An issue was discovered in Joomla! where missing validation of input could lead to a broken usergroups table. Recommendations: For Joomla! versions 2.5.0 through 3.9.27, update to a version...
Grok Buffer Overflow Vulnerability
Grok is a regular expression that uses a combination of multiple predefined . A tool used to match split text and map to keywords. Often used to preprocess log data. A security vulnerability exists in Grok versions 7.6.6 through 9.2.0 that stems from a heap-based buffer overflow in the...
LibreSSL Buffer Error Vulnerability
LibreSSL is an open source implementation of the Secure Sockets Layer and Transport Layer Security protocols. A security vulnerability exists in LibreSSL that stems from LibreSSL 2.9.1 through 3.2.1 having an out-of-bounds read in asn1_item_print_ctx called from asn1_template_print_ctx. No details of t...
Apache Traffic Server Environment Issue Vulnerability
Apache Traffic Server (ATS or TS for short) is a high-performance, modular HTTP proxy and caching server. A security vulnerability exists in Apache Traffic Server versions 7.0.0 - 7.1.12, 8.0.0 - 8.1.1, 9.0.0 - 9.0.1. An attacker can exploit this vulnerability to smuggle requests via invalid...
Avaya Aura Device Services Code Injection Vulnerability
Avaya Aura Device Services is a software application from Avaya, USA. It provides a feature for managing Avaya endpoints. A security vulnerability exists in Avaya Aura Device Services versions 7.0 through 8.1.4.0, which can be exploited by local users to execute specially written scripts...
Istio Permissions and Access Control Issue Vulnerability
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to a privilege permission and access control issue that arises from an application that does not properly impose security restrictions. This vulnerability could allow an attacker to access...
CVE-2021-25652
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
DEBIAN-CVE-2021-29063
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called...
@apollosproject/data-connector-passes (>=0.8.7 <=1.7.1-alpha.8) potentially affected by CVE-2021-32691 via @apollosproject/data-connector-rock (>=0.8.7 <=1.8.0)
@apollosproject/data-connector-rock NPM version =0.8.7, =0.8.7, =1.7.1-alpha.8 Source cves: CVE-2021-32691 Source advisory: OSV:GHSA-R578-PJ6F-R4FF...
Joomla Authorization Issue Vulnerability
Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL by the Open Source Matters team. A security vulnerability exists in Joomla! Core versions 1.5.0 through 1.5.15, which can be exploited by attackers to hijack arbitrary sessions and gain access to...
ckeditor4 vulnerable to cross-site scripting
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-32681 via wagtail (>=2.12.0 <=2.12.2)
wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-32681 Source advisory: OSV:PYSEC-2021-103...