Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is an extension of the original Application (ERP): a seamlessly integrated collection of management software including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management), and so on. Oracle Depot...
biz.grundner.vaadin-in-spring:spring-vaadin (=1.0), com.ahome-it:ahome-tooling-server-vaadin-core (=1.0.112-RELEASE) +102 more potentially affected by CVE-2019-25028 via com.vaadin:vaadin-server (>=7.4.0 <=7.7.2)
com.vaadin:vaadin-server MAVEN version =7.4.0, =1.3, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.0.0, =1.0.0.BETA5 - com.mantledillusion.vaadin:vaadin-metrics-observer-7 =1.0.0.ALPHA1 and more Source cves: CVE-2019-25028 Source advisory: OSV:GHSA-Q74R-4XW3-PPX9...
Hashicorp HashiCorp Consul Security Vulnerability
HashiCorp Consul is a suite of distributed, highly available, data-center-aware solutions from HashiCorp (USA). The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in Consul that could allow a...
Joomla! local file inclusion vulnerability (CNVD-2021-30597)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A local file inclusion vulnerability exists in Joomla! versions 3.0.0 through...
Juniper Junos OS Vulnerability (JSA11154)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11154 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable Network Security, Inc...
@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by CVE-2020-24391 via mongodb-query-parser (>=0.0.1 <=1.5.0)
mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: CVE-2020-24391 Source advisory: OSV:GHSA-HXMG-HM46-CF62...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21394 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21394 Source advisory: OSV:GHSA-W9FG-XFFH-P362...
SiCKRAGE Cross-Site Scripting Vulnerability
SickRage is an automated video library manager for TV programs. A reflected cross-site scripting vulnerability exists in SiCKRAGE versions 9.3.54.dev1 - 10.0.11.dev1. The vulnerability stems from the quicksearch feature not properly validating user input. An attacker can use this vulnerability to...
PYSEC-2021-147
In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
Echel0n SiCKRAGE Cross-Site Scripting Vulnerability
SickRage is an automated video library manager for TV programs. A stored cross-site scripting vulnerability exists in SiCKRAGE versions 4.2.0 - 10.0.11.dev1. The vulnerability stems from the server processing user input without properly validating it. An attacker can exploit the...
PT-2021-16856 · Sickrage · Sickrage
Name of the Vulnerable Software and Affected Versions: SiCKRAGE versions 9.3.54.dev1 to 10.0.11.dev1 Description: The issue arises from improper validation of user input in the quicksearch feature, leading to Reflected Cross-Site-Scripting (XSS). This allows an attacker to steal a user's sessionID,...
UBUNTU-CVE-2022-24070
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +3 more potentially affected by CVE-2021-26559 via apache-airflow (>=2.0.0 <=2.0.0rc3)
apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.3.1 - dataverk-airflow =0.3.12 - gps-building-blocks =1.2.2 - neuro-airflow-plugin =0.0.1 Source cves: CVE-2021-26559 Source advisory: OSV:GHSA-FFW3-6MP6-JMVJ...
Eclipse Mosquitto Code Issue Vulnerability
Eclipse Mosquitto is an open source EPL/EDL licensed message broker that implements the MQTT protocol version 3.1 and 3.1.1. A null pointer dereference vulnerability exists in Eclipse Mosquitto versions 2.0.0 through 2.0.9. The vulnerability can be exploited to cause a null pointer dereference b...
PT-2021-18202
Name of the Vulnerable Software and Affected Versions: pikepdf versions 1.3.0 through 2.9.2 Description: The issue allows XXE (XML External Entity) attacks when parsing XMP metadata entries in the models/metadata.py file of the pikepdf package for Python. This occurs due to improper handling of XML...
angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)
reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: OSV:GHSA-MPVW-25MG-59VX...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21332 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21332 Source advisory: OSV:GHSA-246W-56M2-5899...
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only contains the "exception" keyword.
...
ai.blip:deckard (>=0.0.23 <=0.0.26), ai.djl.tablesaw:tablesaw (>=0.18.0 <=0.32.0) +39045 more potentially affected by CVE-2020-8908 via com.google.guava:guava (>=r03 <=31.1-jre)
com.google.guava:guava MAVEN version =r03, =0.0.23, =0.18.0, =0.19.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-3.1, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =0.0.3, =0.3.0, =0.3.1-rc2 and more Source cves: CVE-2020-8908 Source advisory:...
ALPINE-CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword...