4559 matches found
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-29471 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-29471 Source advisory: OSV:GHSA-X345-32RC-8H85...
Adobe Magento Input Validation Error Vulnerability
Adobe Magento is an open source PHP e-commerce system from Adobe, a United States company. The system provides features such as rights management, search engine and payment gateway. An input validation error vulnerability exists in Adobe Magento. The vulnerability exists due ...
@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.0) +9 more potentially affected by CVE-2020-27664 via strapi (>=2.0.2 <=3.1.6)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2020-27664 Source advisory: OSV:GHSA-7FRV-9PHW-VRVR...
bmoor-cache (>=0.3.0 <=0.6.0), bmoor-comm (>=0.0.1 <=0.6.0) +4 more potentially affected by CVE-2020-7736 via bmoor (>=0.0.5 <=0.5.1)
bmoor NPM version =0.0.5, =0.3.0, =0.0.1, =0.0.1, =0.1.0, =0.0.4, =0.6.0, =0.6.43 Source cves: CVE-2020-7736 Source advisory: OSV:GHSA-H3RX-G5C9-8Q4X...
@1337lawyers/design (>=0.1.0 <=0.12.14), @1337lawyers/gatsby-theme-1337 (=0.0.1) +1450 more potentially affected by CVE-2020-7707 via property-expr (>=1.0.1 <=2.0.2)
property-expr NPM version =1.0.1, =0.1.0, =1.0.0, =0.0.1-alpha.82, =1.0.0, =1.0.12-alpha.0, =1.0.12-alpha.0, =1.0.0, =1.1.0, =1.3.24-alpha.0, =0.0.1-alpha.1, =2.149.0, =2.152.0 - @amorist/gatsby-theme-antd =1.0.0 - @andersonbarros/strapi-plugin-content-type-builder =3.0.0-beta.16.8-0 and more...
@keep2zero/light (>=0.0.1 <=0.0.10), @logique/fastify-adapter (>=0.0.1 <=0.0.3-alpha.4) +9 more potentially affected by CVE-2020-8136 via fastify-multipart (>=0.2.0 <=0.8.2)
fastify-multipart NPM version =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.10, =1.0.20, =4.1.0, =9.0.0, =0.1.0, =5.4.1, =5.4.10 - nestjs-test =5.4.1 Source cves: CVE-2020-8136 Source advisory: OSV:GHSA-P9F8-GQJF-M75J...
aimmo (>=0.61.9 <=0.69.8b430), ambition-edc (>=0.3.68 <=0.3.72) +65 more potentially affected by CVE-2021-32052 via django (>=2.2.0 <=2.2.21)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-32052 Source advisory: OSV:PYSEC-2021-8...
GHSA-CF4H-3JHX-XVHQ Arbitrary Code Execution in underscore
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
Fortinet FortiNAC Permissions and Access Control Vulnerability
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fortinet. The product is primarily used for network access control and IoT security. FortiNAC suffers from a permissions and access control vulnerability that arises from an application not...
com.github.mswolfe:spring-query-filter (>=4.2.0 <=4.3.2), io.github.cyjishuang:swagger-mode (=1.0) potentially affected by CVE-2020-5421 via org.springframework:spring-framework-bom (>=4.2.3.RELEASE <=4.3.14.RELEASE)
org.springframework:spring-framework-bom MAVEN version =4.2.3.RELEASE, =4.2.0, =4.3.2 - io.github.cyjishuang:swagger-mode =1.0 Source cves: CVE-2020-5421 Source advisory: OSV:GHSA-RV39-3QH7-9V7W...
PT-2021-4074 · Unknown +1 · Mod Auth Openidc +1
Name of the Vulnerable Software and Affected Versions: mod auth openidc versions 2.4.0 through 2.4.7 Description: The issue is related to an uncontrolled consumption of resources, which can be exploited by a remote attacker to cause a denial-of-service (DoS) condition. The exact vectors used for th...
F5 BIG-IP Code Injection Vulnerability
F5 BIG-IP is an application delivery platform from F5, a U.S. company, that integrates network traffic management, application security management, load balancing, and other features. A code injection vulnerability exists in BIG-IP, which is caused by improper resource management within TMM. The following...
browserslist Security Vulnerability
browserslist is a software application. It is used to share the configuration of target browsers and Node.js versions between different front-end tools. A security vulnerability exists in browserslist from version 4.0.0 to 4.16.5, which stems from vulnerability to regular expression denial of...
PT-2021-15464 · Unknown · Browserslist
Name of the Vulnerable Software and Affected Versions: browserslist versions 4.0.0 through 4.16.5 Description: The issue concerns a Regular Expression Denial of Service (ReDoS) that occurs during the parsing of queries. Recommendations: For versions 4.0.0 through 4.16.5, update to a version after...
Apple watchOS Path Traversal Vulnerability
Apple watchOS is an operating system for smartwatches from Apple. A path traversal vulnerability exists in watchOS, which stems from insufficient validation of directory paths. The following products and versions are affected: watchOS: 7.0 18R382, 7.0.1 18R395, 7.0.2 18R402, 7.0.3 18R410, 7.1...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9334 more potentially affected by CVE-2021-23382 via postcss (>=7.0.0 <=7.0.35)
postcss NPM version =7.0.0, =1.0.1, =1.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =3.4.2 and more Source cves: CVE-2021-23382 Source advisory: SNYK:JS-POSTCSS-1255640...
Vaadin flow Security Vulnerability
Vaadin flow is a software application, a Java framework for the Vaadin platform, for building modern websites that look good, perform well, and keep you and your users happy. A security vulnerability exists in Vaadin flow that allows an attacker to guess a security token via a timing attack. The...
SaltStack Salt OS Command Injection Vulnerability
SaltStack Salt is a set of open source tools from SaltStack for managing infrastructure. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 2016.9 through 3002.6, which stems from a comma...
PT-2021-5860 · Libcurl +1 · Libcurl +1
Name of the Vulnerable Software and Affected Versions: libcurl versions 7.61.0 through 7.76.1 Description: The issue is related to the implementation of the Transport Layer Security (TLS) protocol in the libcurl library, specifically with errors in security settings when using the CURLOPT SSL CIPHE...
GHSA-9W8R-397F-PRFH Infinite Loop in Pygments
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword...