4561 matches found
ckeditor4 vulnerable to cross-site scripting
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-32681 via wagtail (>=2.12.0 <=2.12.2)
wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-32681 Source advisory: OSV:PYSEC-2021-103...
@generates/cli (>=0.0.2 <=0.0.7), @generates/core (>=0.0.2 <=0.0.7) +40 more potentially affected by CVE-2021-23397 via @ianwalter/merge (>=1.0.2 <=9.0.1)
@ianwalter/merge NPM version =1.0.2, =0.0.2, =0.0.2, =0.0.40, =0.0.2, =0.0.2, =0.0.0, =0.0.1, =2.5.0, =1.0.0, =3.0.0, =2.0.0, =1.1.1, =0.0.1, =0.1.1, =1.0.0 and more Source cves: CVE-2021-23397 Source advisory: SNYK:JS-IANWALTERMERGE-1311022...
ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +1718 more potentially affected by CVE-2021-27807 via org.apache.pdfbox:pdfbox (>=2.0.0 <=2.0.22)
org.apache.pdfbox:pdfbox MAVEN version =2.0.0, =0.2.1, =0.5.0, =0.11.1, =1.0.0, =1.0, =1.3.5, =0.1.8, =1.1.7 - cc.drx:pdf2.13 =ee - cc.drx:poi2.13 =ee and more Source cves: CVE-2021-27807 Source advisory: OSV:GHSA-2H3J-M7GR-25XJ...
CVE-2020-5000
IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
expand-hash security vulnerability
expand-hash is a package. Attribute keys can be expanded recursively into objects using dot notation. A security vulnerability exists in expand-hash versions 0.1.0 through 1.0.1 that results in a denial of service and can lead to remote code execution...
UBUNTU-CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
RaspAP security vulnerability
RaspAP is a simple wireless AP setup and management for Debian-based devices. A security vulnerability exists in RaspAP, which stems from multiple elevation of privilege vulnerabilities in RaspAP from version 1.5 to 2.6.5 that could allow a remote, authenticated attacker to inject arbitrary...
PT-2021-4279
Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions 4.14.0 through 4.16.x Description: A cross-site scripting (XSS) vulnerability in the HTML Data Processor allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled. This...
CSME buffer error vulnerability
CSME is known as Intel Management Engine BIOS Extension. A buffer error vulnerability exists in Intel(R) CSME that stems from improper buffer limitations in the subsystem, which could allow an attacker to escalate privileges via local access. The following products and versions are affected: 11.8.86...
PT-2021-11241 · Intland · Codebeamer Alm
Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4 Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...
0x.plugin.bom:zero-x-plugin-bom (>=0.0.10 <=1.1.0), ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2) +34198 more potentially affected by CVE-2020-13956 via org.apache.httpcomponents:httpclient (>=4.0 <=4.5.12)
org.apache.httpcomponents:httpclient MAVEN version =4.0, =0.0.10, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.42.1, =1.4.2, =2.1.0, =2.6.0 - ai.grakn.kgms:client =1.4.3 - ai.grakn.kgms:console =1.4.3 and more Source cves: CVE-2020-13956 Source advisory:...
Unspecified vulnerability in js-extend
js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
Apache HTTP Server buffer error vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable, and extensible via a simple API. A buffer error vulnerability exists in Apache HTTP Server 2.4.0 to 2.4.46, which can be exploited by remote attackers to perform denial of...
aequitas (>=0.26.0 <=0.42.0), askbot (=0.12.3) +29 more potentially affected by CVE-2021-26813 via markdown2 (>=2.3.0 <=2.3.9)
markdown2 PYPI version =2.3.0, =0.26.0, =0.39.0, =0.1.0, =0.5.29, =3.8.3, =0.0.1, =0.4.1, =0.0.1, =0.7.0a1, =0.7.0a2 - markb =0.2.6 - mnemocards =0.1.1 and more Source cves: CVE-2021-26813 Source advisory: OSV:GHSA-JR9P-R423-9M2R...
UBUNTU-CVE-2020-14340
A vulnerability was discovered in XNIO where a file descriptor leak is caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final...
PT-2021-20903 · Go.Uuid · Go.Uuid
Name of the Vulnerable Software and Affected Versions: github.com/satori/go.uuid versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45 Description: A flaw in the github.com/satori/go.uuid package causes the generated UUIDs to be predictable for ...
XWiki Script Injection Vulnerability (GHSA-h353-hc43-95vc)
XWiki is prone to a script injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; if(description)...
networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +7 more potentially affected by CVE-2021-20267 via neutron (>=12.1.1 <=15.0.0.0rc2)
neutron PYPI version =12.1.1, =8.0.1, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-20267 Source advisory: OSV:PYSEC-2021-136...